LinuxCommandLibrary

rekor-cli

TLDR

Upload entry
$ rekor-cli upload --artifact [file] --signature [file.sig] --public-key [key.pub]

Search by artifact
$ rekor-cli search --artifact [file]

Search by email
$ rekor-cli search --email [user@example.com]

Get entry by UUID
$ rekor-cli get --uuid [entry-uuid]

Get entry by log index
$ rekor-cli get --log-index [12345]

Verify entry
$ rekor-cli verify --artifact [file] --signature [file.sig]

Show log info
$ rekor-cli loginfo

SYNOPSIS

rekor-cli command [--artifact file] [--signature file] [options]

DESCRIPTION

rekor-cli interacts with the Rekor transparency log, which provides tamper-resistant audit trails.
Upload adds signed artifacts to the log. Entries are immutable once recorded.
Search finds entries by artifact, email, or hash, which proves when signatures were created.
Verification checks artifacts against the log and confirms signature validity and timing.
Log info shows the tree size and root hash, which enables verification of log integrity.

PARAMETERS

upload
    Add entry to log.
search
    Search entries.
get
    Retrieve entry.
verify
    Verify artifact.
loginfo
    Log information.
--artifact FILE
    Artifact file.
--signature FILE
    Signature file.
--public-key FILE
    Public key file.
--uuid UUID
    Entry UUID.
--rekor_server URL
    Rekor server URL.

CAVEATS

Requires network access to a Rekor server. Entries are public. Key management is handled separately.

HISTORY

Rekor is part of the Sigstore project, initiated by Google, Red Hat, and others. It provides transparency logging for software supply chain security.

SEE ALSO

cosign(1), fulcio(1), sigstore(1)
