CodeNotary Trusted Timestamping Service
Every build has a story to tell - Tamperproof provenance for your code and CI/CD pipeline
Quickstart here: Code Timestamp
The combination of our free, lightning-fast and always-on timestamp service and the easy to use cli tool, gets you started in a minute.
What means trusted timestamping
Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.
CodeNotary uses its immutable open source database immudb to provide this service that includes cryptographic verification and immutable data history.
Use cases
This timestamping service provides full immutability for all data ever written and unique data checksum ever stored including its history. As a trust level comes with the timestamp, you can change your mind over time (unsupport, untrust) without touching the code or binary. As the complete trust and timestamping history is stored for any digital identity (SHA-256 checksum), you can easily create workflows and decision trees in your CI/CD recipes.
There are plenty of different use cases:
- Add a trusted timestamp to code
- Add an immutable timestamp to electronic signatures
- Seal the data integrity and your trust level at a given point in time
- Prove the existence of elecronic data at a specific point in time
- CI/CD integration - notarize all outgoing assets, authenticate all incoming
- Store provenance for you own sources
- Unsupport deprecated versions of your software and run update checks bases on the latest timestamp
- Revoke trust (untrust) at any time without the need to touch your code or binaries
- Trust or remove trust for digital assets and act on the status (within your script or pipeline)
- Simply timestamp files and sources to doublecheck at any time in the future if these are still the same (backup/restore)
Simply request your API key and get started within a minute! This service is free forever and was built using Open Source!
Notarized assets information is stored in a tamperproof ledger with cryptographic verification backed by immudb, the immutable database.
Obtain an API Key
To provide access to our timestamping service a valid API Key is required. If you don't have one yet, simply signup here CodeNotary Timestamp
This API Key is bound to your email address and it's required during vcn login.
Quick start
- Installer In case you use Linux or macOS, the quickest start is our install script:
bash <(curl https://getvcn.codenotary.com -L)
You can also download the latest release
- Login to timestamp.codenotary.com
vcn login --lc-host timestamp.codenotary.com # type in your API key when requested
# or setting the API key
VCN_LC_API_KEY=<Your-API-Key vcn login --lc-host timestamp.codenotary.com
- Notarize existing digital objects Once you have an account you can start notarizing digital assets to give them an identity.
vcn n <file|dir://directory|docker://dockerimage|git://gitdirectory>
- Authenticate digital objects You can use the command as a starting point.
vcn a <file|dir://directory|docker://dockerimage|git://gitdirectory>
Tip: the timestamping and verification calculates a SHA256, so larger files might take a bit longer depending on your system.
For detailed command line usage, just run vcn help.
Usage
Wildcard support and recursive notarization
It's also possible to notarize assets using a wildcard pattern.
With --recursive flag the utility can recursively notarize inner directories.
vcn n "*.md" --recursive
Notarization
Start with the login command. vcn will walk you through login and importing up your secret upon initial use.
vcn login --lc-host timestamp.codenotary.com
Once your secret is set, you can notarize assets like in the following examples:
vcn notarize <file>
vcn notarize dir://<directory>
vcn notarize docker://<imageId>
vcn notarize podman://<imageId>
vcn notarize git://<path_to_git_repo>
vcn notarize --hash <hash>
Change the asset's status:
vcn unsupport <asset>
vcn untrust <asset>
Authentication
vcn authenticate <file>
vcn authenticate dir://<directory>
vcn authenticate docker://<imageId>
vcn authenticate podman://<imageId>
vcn authenticate git://<path_to_git_repo>
vcn authenticate --hash <hash>
To output results in json or yaml formats:
vcn authenticate --output=json <asset>
vcn authenticate --output=yaml <asset>
Automated environments
Simply set up your environment accordingly using the following commands:
export VCN_LC_API_KEY=Your-API-Key
Once done, you can use vcn in your non-interactive environment using:
vcn login --lc-host timestamp.codenotary.com
vcn notarize <asset>
Other commands like
untrustandunsupportwill also work.
Examples
Authenticate a Docker image automatically prior to running it
First, you’ll need to pull the image by using:
docker pull hello-world
Then use the below command to put in place an automatic safety check. It allows only verified images to run.
vcn authenticate docker://hello-world && docker run hello-world
If an image was not verified, it will not run and nothing will execute.
Summary
This new and free forever service enables hundreds of use cases for developers and DevOps engineers.
We're keen to learn about your use case! Just reach out to us in the chat or by email - CodeNotary
Top comments (0)