Signing service

Short description

A service for storing keys and signing messages.

Detailed description

The signing service provides Launchpad with a way to sign important objects such as boot loaders, kernel images, kernel modules, or archive metadata, while isolating private keys so that other components of Launchpad cannot read them directly.

It exposes authenticated and encrypted HTTP interfaces for generating keys, injecting keys that were generated elsewhere, and signing data.

It is used both by Launchpad itself and by some other services within Canonical, such as the Snap Models Service.

Documentation

Official documentation

Git repository

Main repository

Bug tracker

Bug tracker

Deployment

• lp-signing charm

• Mojo spec

• Deploying lp-signing

Related specifications

Launchpad signing service

Log files

See FreshLogs documentation.

Production

• rless il3-signing1.lp.internal::lp-signing-gunicorn-logs/gunicorn.log

• rless il3-signing2.lp.internal::lp-signing-gunicorn-logs/gunicorn.log

Staging

• rless 10.132.60.12::lp-signing-gunicorn-logs/gunicorn.log

• rless 10.132.60.220::lp-signing-gunicorn-logs/gunicorn.log

Common support cases

More information

Launchpad services diagram