Enable Asset Policy Signature Validation on a Compute Gateway
This brief guide walks you through the Apheris Compute Gateway setup to enable the optional Asset Policy signature verification.
For a general overview of the Asset Policy signing feature, refer to the guide on how to sign Asset Policies in the data custodian documentation. To find out about your current setup, read monitoring compute gateways.
Note
The following assumes that you have a certificate for signature verification at hand.
A convenient way to create a signing key and certificate is the Apheris signature tool. If you want more information about the signature tool, please contact your Apheris representative.
To enable Asset Policy signature validation, edit the values (the values.yaml file for the single instance installer, or the inline values for the Terraform module): add the certificates bundle (the contents of the .pem file) to auth.certificates and set auth.verifySignatures to true.
The values should resemble:
auth:
  verifySignatures: true
  certificates: |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
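Please be mindful that the certificates need to be inserted as a multiline string (a literal block, introduced by |, so that newlines are preserved). The indentation of the whole PEM block is important: every line of the bundle must be indented consistently under certificates.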
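A pre-deployment sanity check for these two values, as an added example that is not part of the Apheris documentation or tooling: it takes the auth mapping as a YAML parser would return it and reports a bundle whose newlines were lost, leftover placeholder bodies, or unbalanced PEM markers. The function name check_auth and the sample values are assumptions made for illustration; the check is structural only and does not validate the certificates themselves.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_auth(auth):
    """Check the parsed `auth` mapping; return (certificate_count, problems)."""
    # Assumption: the flag must be a YAML boolean, as in the values shown above.
    if auth.get("verifySignatures") is not True:
        return 0, ["auth.verifySignatures is not the boolean true"]
    value = auth.get("certificates")
    if not isinstance(value, str) or not value.strip():
        return 0, ["auth.certificates is empty or not a string"]
    lines = [ln.strip() for ln in value.strip().splitlines()]
    # A folded or plain scalar joins lines with spaces, so markers stop being whole lines.
    if any(m in ln and ln != m for ln in lines for m in (BEGIN, END)):
        return 0, ["PEM markers share a line with other data: newlines were not preserved"]
    count, problems, body = 0, [], None
    for ln in lines:
        if ln == BEGIN:
            if body is not None:
                problems.append("BEGIN inside an open block")
            body = []
        elif ln == END:
            if body is None:
                problems.append("END without BEGIN")
                continue
            count += 1
            try:
                der = base64.b64decode("".join(body), validate=True)
                if der[:1] != b"\x30":  # DER certificates start with a SEQUENCE tag
                    problems.append(f"block {count}: payload is not a DER SEQUENCE")
            except binascii.Error:
                problems.append(f"block {count}: body is not valid base64")
            body = None
        elif body is not None:
            body.append(ln)
        elif ln:
            problems.append(f"unexpected text outside a PEM block: {ln[:20]!r}")
    if body is not None:
        problems.append("last block has no END line")
    if count == 0 and not problems:
        problems.append("no certificate blocks found")
    return count, problems

# Constructed placeholder payload (a tiny DER SEQUENCE), not a real certificate.
FAKE = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()
GOOD = {"verifySignatures": True, "certificates": f"{BEGIN}\n{FAKE}\n{END}\n" * 2}
FOLDED = {"verifySignatures": True, "certificates": GOOD["certificates"].replace("\n", " ")}
```

To use it on a real file, load values.yaml with a YAML parser of your choice and pass the resulting auth mapping to check_auth; an empty problems list with the expected certificate count means the bundle survived parsing intact.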