Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CTE Signing Tool

Installing and Using the CTE Signing Tool

search

We're moving!

A new home for CipherTrust documentation will be introduced on December 02, 2025! Visit https://docs-cybersec.thalesgroup.com for a preview.

Installing and Using the CTE Signing Tool

To use this tool to gather signatures from other container images and then push them to CipherTrust Manager, complete the following steps:

  1. Download a container image:

    a. From a public repository, type:

    ./cte-sign --cdi --image=<image name> --tag=<image version>

    b. From a private repository, type:

    ./cte-sign --cdi --image=<image name with url> --tag=<image version> --repo-user=<repo username> --repo-password=<repo password>

  2. Get a list of signature set IDs from CipherTrust Manager, type:

    ./cte-sign --cm --signature-sets list --ip=<CM IP> --user=<CM username> --password=<CM password> --cm-domain=<CM Domain>

  3. Create a signature set to contain the IDs from the downloaded container, type:

    ./cte-sign --cm --signature-sets create --sigset-name=<signature-set-name> --ip=<CM IP> --user=<CM username> --password=<CM password>  --cm-domain=<CM Domain>

  4. Send the signatures collected from the downloaded container image to CipherTrust Manager in a signature set ID, type:

    ./cte-sign --cm --signature-sets add-signatures --sigset-name=<signature-set-name> --path=<source-path> --ip=<CM IP> --user=<CM username> --password=<CM password> --cm-domain=<CM Domain>

  5. Cleanup and remove the image directory, type:

    ./cte-sign --cleanup

CLI Argument Definitions

Argument Definition
--image Container image name/url.
--tag Container image version.
--repo-user Username for private repository access.
--repo-password Password/AccessToken for the private repository.
--ip CipherTrust Manager IP address.
--user Username of CipherTrust Manager credential.
--password Password of CipherTrust Manager credential.
--cm-domain This argument is Optional. Provide this option only if an operation belongs to a specific domain other than the root domain.
--sigset-name The signature set name where signatures will be contained.
--path The binary path from the downloaded container image, for the files that need to be pushed to CipherTrust Manager. ex: /usr/bin
--cleanup Delete the container image files and directories.

On this page