Signing service
===============
Short description
-----------------
A service for storing keys and signing messages.
Detailed description
--------------------
The signing service provides Launchpad with a way to sign important objects
such as boot loaders, kernel images, kernel modules, or archive metadata,
while isolating private keys so that other components of Launchpad cannot
read them directly.
It exposes authenticated and encrypted HTTP interfaces for generating keys,
injecting keys that were generated elsewhere, and signing data.
It is used both by Launchpad itself and by some other services within
Canonical, such as the Snap Models Service.
Documentation
-------------
`Official documentation `_
Git repository
--------------
`Main repository `_
Bug tracker
-----------
`Bug tracker `_
Deployment
----------
* `lp-signing charm `_
* `Mojo spec `_
* `Deploying lp-signing `_
Related specifications (only accessible for Canonical employees)
----------------------------------------------------------------
`Launchpad signing service `_
Log files
---------
See `FreshLogs documentation `_.
Production
~~~~~~~~~~
* ``rless il3-signing1.lp.internal::lp-signing-gunicorn-logs/gunicorn.log``
* ``rless il3-signing2.lp.internal::lp-signing-gunicorn-logs/gunicorn.log``
Staging
~~~~~~~
* ``rless 10.132.60.12::lp-signing-gunicorn-logs/gunicorn.log``
* ``rless 10.132.60.220::lp-signing-gunicorn-logs/gunicorn.log``
Common support cases
--------------------
..
XXX: https://warthogs.atlassian.net/browse/LP-1323: add documentation for enrolling a new client
More information
----------------
`Launchpad services diagram `_