TURBO_REMOTE_CACHE_SIGNATURE_KEY support #394
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
🚀 Feature Proposal
TURBO_REMOTE_CACHE_SIGNATURE_KEYTurborepo can sign artifacts with a secret key before uploading them to the Remote Cache
Motivation
Please outline the motivation for the proposal.
Turborepo uses
HMAC-SHA256signatures on artifacts using a secret key you provide. Turborepo will verify the Remote Cache artifacts' integrity and authenticity when they're downloaded. Any artifacts that fail to verify will be ignored and treated as a cache miss by Turborepo.To enable this feature, set the remoteCache options on your turbo.json config to include signature: true. Then specify your secret key by declaring the TURBO_REMOTE_CACHE_SIGNATURE_KEY environment variable.
Example
To utilize the
TURBO_REMOTE_CACHE_SIGNATURE_KEYwhich will increase the security of the remote cache, the project config will need to be updated to include the following:{ "remoteCache": { "signature": true } }read more
https://turbo.build/repo/docs/core-concepts/remote-caching#artifact-integrity-and-authenticity-verification
The text was updated successfully, but these errors were encountered: