This document has information relevant to the maintainers of this repository.
End-user technical documentation should live within the charts themselves or in the gh-pages branch.
Release automation signs Helm chart releases using a GPG key stored in a GitHub Actions secret.
Only repository administrators have permissions to update secrets.
Release automation uses the GPG_KEY_BASE64 secret to sign the packages.
The GPG_KEY_BASE64 is a base64 encoded GPG key.
It expires on 2023-03-30.
Grafana Labs employees may access the private key using the company 1password.
Grafana Labs employees can extend the expiry of the private key using the gpg command line tool.
-
Write the contents of the
Loki Helm GPG Key1password secret into a file. -
Import the key into a separate keyring.
$ gpg --no-default-keyring --keyring ~/.gnupg/helm-charts.gpg --import <PATH TO GPG KEY> gpg: key 7054A9559D3CFB0B: public key "Grafana Loki <[email protected]>" imported gpg: key 7054A9559D3CFB0B: secret key imported gpg: Total number processed: 1 gpg: imported: 1 gpg: secret keys read: 1 gpg: secret keys unchanged: 1
-
Run the
gpginteractive prompt to edit the 'Grafana Loki' key.$ gpg --no-default-keyring --keyring ~/.gnupg/helm-charts.gpg --edit-key 'Grafana Loki' gpg (GnuPG) 2.3.4; Copyright (C) 2021 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa2048/7054A9559D3CFB0B created: 2020-03-29 expires: 2023-03-30 usage: SC trust: unknown validity: ultimate ssb rsa2048/4A6B2462555868C7 created: 2020-03-29 expires: 2023-03-30 usage: E [ultimate] (1). Grafana Loki <[email protected]> gpg>
-
At the
gpginteractive prompt, run theexpirecommand and follow the prompt to extend expiry.gpg> expire Changing expiration time for the primary key. Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? <VALIDITY PERIOD>
-
At the
gpginteractive prompt, select the subkey.gpg> key 1 sec rsa2048/7054A9559D3CFB0B created: 2020-03-29 expires: 2023-04-01 usage: SC trust: unknown validity: ultimate ssb* rsa2048/4A6B2462555868C7 created: 2020-03-29 expires: 2023-03-30 usage: E [ultimate] (1). Grafana Loki <[email protected]>
-
At the
gpginteractive prompt, and with the subkey selected, run theexpirecommand and follow the prompt to extend expiry of the subkey.gpg> expire Changing expiration time for the primary key. Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? <VALIDITY PERIOD>
-
At the
gpginteractive prompt, run thesavecommand to save changes and quit the program.gpg> save -
Base64 encode the keyring, placing the result into your clipboard.
$ base64 ~/.gnupg/helm-charts.gpg | xclip -selection clipboard -i
-
Update the
GPG_KEY_BASE64GitHub Actions secret with the contents of your clipboard. -
Export the private key to your clipboard.
$ gpg --no-default-keyring --keyring ~/.gnupg/helm-charts.gpg --export-secret-key -a | xclip -selection clipboard -i
-
Update the
Loki Helm GPG Keysecret in 1password with the contents of your clipboard.