Verify Docker Compose file for online installs

With each Puppet Remediate release, a digital signature is created using the private key portion of an asymmetric key. You can manually validate the signature using the public key portion of the same asymmetric key.

Download the signature file and the public key to the same directory as your docker-compose.yml and license file.

Note: For instructions on downloading the docker-compose.yml and license files, see the instructions on how to Install Remediate on online nodes.

Run the following command:

openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature signature docker-compose.yml

If the signature is valid, you get the following response:

Verified Ok

Was this page helpful?

We’re sorry to hear that!
Please tell us why so we can help. Enter your feedback and email. This form is sent to the Puppet docs team. We ask for your email as we might contact you regarding your feedback. If you need help with the product itself, visit Puppet Support or ask in Puppet Community on Slack. Feedback:

Email Address:

To learn about how Puppet uses your personal information, visit our privacy policy.

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project.