DEV Community

Cover image for CodeNotary free trusted timestamping service for Developer
vchaindz
vchaindz

Posted on • Updated on

CodeNotary free trusted timestamping service for Developer

CodeNotary Trusted Timestamping Service

Every build has a story to tell - Tamperproof provenance for your code and CI/CD pipeline

Quickstart here: Code Timestamp

The combination of our free, lightning-fast and always-on timestamp service and the easy to use cli tool, gets you started in a minute.
immutable and lightning-fast

What means trusted timestamping

Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.
CodeNotary uses its immutable open source database immudb to provide this service that includes cryptographic verification and immutable data history.

Use cases

This timestamping service provides full immutability for all data ever written and unique data checksum ever stored including its history. As a trust level comes with the timestamp, you can change your mind over time (unsupport, untrust) without touching the code or binary. As the complete trust and timestamping history is stored for any digital identity (SHA-256 checksum), you can easily create workflows and decision trees in your CI/CD recipes.

There are plenty of different use cases:

  • Add a trusted timestamp to code
  • Add an immutable timestamp to electronic signatures
  • Seal the data integrity and your trust level at a given point in time
  • Prove the existence of elecronic data at a specific point in time
  • CI/CD integration - notarize all outgoing assets, authenticate all incoming
  • Store provenance for you own sources
  • Unsupport deprecated versions of your software and run update checks bases on the latest timestamp
  • Revoke trust (untrust) at any time without the need to touch your code or binaries
  • Trust or remove trust for digital assets and act on the status (within your script or pipeline)
  • Simply timestamp files and sources to doublecheck at any time in the future if these are still the same (backup/restore)

Simply request your API key and get started within a minute! This service is free forever and was built using Open Source!

Notarized assets information is stored in a tamperproof ledger with cryptographic verification backed by immudb, the immutable database.

Obtain an API Key

To provide access to our timestamping service a valid API Key is required. If you don't have one yet, simply signup here CodeNotary Timestamp
This API Key is bound to your email address and it's required during vcn login.

Quick start

  1. Installer In case you use Linux or macOS, the quickest start is our install script:
bash <(curl https://getvcn.codenotary.com -L)
Enter fullscreen mode Exit fullscreen mode

You can also download the latest release

  1. Login to timestamp.codenotary.com
vcn login --lc-host timestamp.codenotary.com # type in your API key when requested
# or setting the API key
VCN_LC_API_KEY=<Your-API-Key vcn login --lc-host timestamp.codenotary.com
Enter fullscreen mode Exit fullscreen mode
  1. Notarize existing digital objects Once you have an account you can start notarizing digital assets to give them an identity.
vcn n <file|dir://directory|docker://dockerimage|git://gitdirectory>
Enter fullscreen mode Exit fullscreen mode
  1. Authenticate digital objects You can use the command as a starting point.
vcn a <file|dir://directory|docker://dockerimage|git://gitdirectory>
Enter fullscreen mode Exit fullscreen mode

Tip: the timestamping and verification calculates a SHA256, so larger files might take a bit longer depending on your system.

For detailed command line usage, just run vcn help.

Usage

Wildcard support and recursive notarization

It's also possible to notarize assets using a wildcard pattern.

With --recursive flag the utility can recursively notarize inner directories.

vcn n "*.md" --recursive
Enter fullscreen mode Exit fullscreen mode

Notarization

Start with the login command. vcn will walk you through login and importing up your secret upon initial use.

vcn login --lc-host timestamp.codenotary.com
Enter fullscreen mode Exit fullscreen mode

Once your secret is set, you can notarize assets like in the following examples:

vcn notarize <file>
vcn notarize dir://<directory>
vcn notarize docker://<imageId>
vcn notarize podman://<imageId>
vcn notarize git://<path_to_git_repo>
vcn notarize --hash <hash>
Enter fullscreen mode Exit fullscreen mode

Change the asset's status:

vcn unsupport <asset>
vcn untrust <asset>
Enter fullscreen mode Exit fullscreen mode

Authentication

vcn authenticate <file>
vcn authenticate dir://<directory>
vcn authenticate docker://<imageId>
vcn authenticate podman://<imageId>
vcn authenticate git://<path_to_git_repo>
vcn authenticate --hash <hash>
Enter fullscreen mode Exit fullscreen mode

To output results in json or yaml formats:

vcn authenticate --output=json <asset>
vcn authenticate --output=yaml <asset>
Enter fullscreen mode Exit fullscreen mode

Automated environments

Simply set up your environment accordingly using the following commands:

export VCN_LC_API_KEY=Your-API-Key
Enter fullscreen mode Exit fullscreen mode

Once done, you can use vcn in your non-interactive environment using:

vcn login --lc-host timestamp.codenotary.com
vcn notarize <asset>
Enter fullscreen mode Exit fullscreen mode

Other commands like untrust and unsupport will also work.

Examples

Authenticate a Docker image automatically prior to running it

First, you’ll need to pull the image by using:

docker pull hello-world
Enter fullscreen mode Exit fullscreen mode

Then use the below command to put in place an automatic safety check. It allows only verified images to run.

vcn authenticate docker://hello-world && docker run hello-world
Enter fullscreen mode Exit fullscreen mode

If an image was not verified, it will not run and nothing will execute.

Summary

This new and free forever service enables hundreds of use cases for developers and DevOps engineers.
We're keen to learn about your use case! Just reach out to us in the chat or by email - CodeNotary

Discussion (0)