Feat/autopublish

README.md

@@ -111,10 +111,13 @@ only and should not be used in production.
                 ContainerDb(backend-db, "CouchDB", "CMS-Backend-Database")
             }
         }
+
+        Container(trustedprovider, "Trusted Provider", "nginx + go", "Trusted CSAF provider")
     }
 
     Rel(user, reverseproxy,"","HTTPS")
     Rel(reverseproxy, secvisogram,"/")
+    Rel(reverseproxy, trustedprovider,"/.well-known/csaf")
     Rel(reverseproxy, oauth,"/api/*")
     Rel(reverseproxy, keycloak,"/realm/csaf/")
     Rel(oauth, validator, "/api/v1/test")
@@ -123,6 +126,7 @@ only and should not be used in production.
     Rel(backend, backend-db,"")
     Rel(backend, keycloak,"")
     Rel(keycloak, keycloak-db,"")
+    Rel(backend, trustedprovider,"/cgi-bin/csaf_provider.go/api/upload")
 
 
 ```
@@ -141,6 +145,9 @@ only and should not be used in production.
 - [Generate a cookie secret](https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview#generating-a-cookie-secret)
   and paste it in `CSAF_COOKIE_SECRET`.
 - restart `docker compose down` and `docker compose up -d`
+- The trusted CSAF provider can be initialized with `docker compose up trusted-provider-setup` 
+  	- The folder `docker/config/trustedprovider` contains example / development PGP keys.
+  	- More details on configuring the trusted provider can be found [GoCSAF](https://github.com/gocsaf/csaf)
 - (required for exports) install [pandoc (tested with version 2.18)](https://pandoc.org/installing.html)
   as well as [weasyprint (tested with version 56.0)](https://weasyprint.org/) and make sure both are in
   your PATH
@@ -323,10 +330,3 @@ These additional references should also help you:
 
 [(back to top)](#bsi-secvisogram-csaf-backend)
 
-#### diagrams.net (formerly known as draw.io)
-
-- [diagrams.net](https://www.diagrams.net/)
-
-- [Intellij Integration](https://plugins.jetbrains.com/plugin/15635-diagrams-net-integration)
-
-[(back to top)](#bsi-secvisogram-csaf-backend)

docker/compose.yaml

@@ -25,6 +25,7 @@ services:
         aliases:
           - "couchdb.csaf.internal"
 
+
   keycloak-db:
     image: postgres:17-alpine
     hostname: keycloak-db.csaf.internal
@@ -164,9 +165,10 @@ services:
       OAUTH2_PROXY_EMAIL_DOMAINS: "*"
     ports:
       - "${CSAF_APP_EXTERNAL_PORT}:4180"
-#    Remove comments for the next two line if there are issues with connections beetween the containers and the host
-#    extra_hosts:
-#      - "host.docker.internal:host-gateway"
+#    Remove comments it there are issues with host.docker.internal on Linux
+#    On Linux you have to enable the host-gateway feature in docker daemon
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     restart: on-failure
     depends_on:
       keycloak:
@@ -209,7 +211,6 @@ services:
       default: 
         aliases:
           - "secvisogram.csaf.internal"        
-
 
   reverse-proxy:
     image:  nginx:1.27-alpine
@@ -233,3 +234,42 @@ services:
         condition: service_started
       validator:
         condition: service_healthy
+
+  trusted-provider:
+    build:
+      context: ./container/trustedprovider
+      dockerfile: Dockerfile
+    hostname: provider.csaf.internal
+    env_file: 
+      - .env
+    environment:
+      - PUID=1000
+      - PGID=1001
+      - TZ=Europe/Berlin
+    volumes:
+      - ./config/trustedprovider/provider-config.toml:/config/provider-config.toml:ro
+      - ./config/trustedprovider/private.asc:/config/private.asc:ro
+      - ./config/trustedprovider/public.asc:/config/public.asc:ro
+      - ./data/trustedprovider/:/data/
+    healthcheck:
+        test: ["CMD-SHELL", "wget -O /dev/null http://127.0.0.1 || exit 1"]
+        interval: 10s
+        timeout: 10s
+        retries: 10
+
+  trusted-provider-setup:
+    build:
+      context: ./container/uploader
+      dockerfile: Dockerfile
+    container_name: "trusted-provider-setup"
+    restart: "no"
+    profiles: [ "run_manually" ]
+    volumes:
+      - ./config/uploader/config-create.toml:/config/config.toml:ro
+    environment:
+      - OPTIONS=--config=/config/config.toml
+    entrypoint: ["/opt/csaf_uploader", "--config=/config/config.toml"]
+    depends_on:
+      trusted-provider:
+        condition: service_healthy
+

docker/config/reverseproxy/nginx.conf

@@ -58,5 +58,20 @@ http {
             proxy_pass         http://secvisogram.csaf.internal/;
             proxy_redirect     off;
         }
+
+        location /cgi-bin {
+            proxy_pass         http://provider.csaf.internal/cgi-bin;
+            proxy_redirect     off;
+        }
+
+        location /.well-known/security.txt {
+            proxy_pass         http://provider.csaf.internal/.well-known/security.txt;
+            proxy_redirect     off;
+        }
+
+        location /.well-known/csaf{
+            proxy_pass         http://provider.csaf.internal/.well-known/csaf;
+            proxy_redirect     off;
+        }
     }
 }

docker/config/trustedprovider/private.asc

@@ -0,0 +1,81 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQVYBGkcceQBDACnvtSRICJlc5fMy4UJJ8Zjl9NaJ4xC7nw9sToSQX6XksKaKHLP
+baTFV/lJ7ZB4PAzpxFrYuH1n887ccpH2iG8M1zsIAwKNibloA/McjgK0B3hiIzgY
+Y3JeUzNwwnFFmlgzSQt0xhnPowgG67rm9RKXVoZ0GyAyI8ymaOQ9r91qToSo8bkK
+jvLTEYFXRiAYe3sAkmeEjjuE76bNVW9IzoGiG2c/olT075Xf0RI8JSnmitlap4gI
+9HtTulp59n1QGpZfTDwEAVb4i0t1XGuKyaXcZ09BoXmJj9sySmz0qSLJZhxP35CT
+dktk1EGeS2g4O1jdOiWSOU4F+GUlKT2ukURCGPpzSFpXiJPc+Y83654Af2WY34Oc
+NaIyok00tIOOb7kPJMRmJUMN1p4L0e80MscHpxnhgfbxkFVEU0r0D8VA3ZUYL9f2
+yHDc2ishQhHb86mHnsFrUkRKdGTnHM0aWiRkupo6lMbSFj3loMxGPTb0g0DReUjc
+IFJxgeNexFoRPHcAEQEAAQAL+wdXPo4rTdYKvPXlYikIaJIrLsCfQnAbZ6x7eQMb
+gqK3dXSxmHSjY7aPJwWpM81PM3F3elJJoJNQBBl5mhGj3tg9AwRSvWXcRRTcN2Nk
+g5HFUetZhzbqAzNFiNbCa5qUKo/z/mBZ2v9PLya+YiuBRhMBYljqZvpKvsX5iSN5
+8sKYNQ3/pg1kPBQoi/R5ySXJIZTg007luo0Sv8X0my4ge2PQty/9tqIRagmlaJrh
+NXg1U1W4Rye9Kzh6y0LTGqDKyP+vpdhmpuXpJFj+ci04X80cxVhjLQqIgi8rMZwr
+vENP8erkhDAlChy1W4Kd1HdOFz0aDB7auxjLou8z+SNgnfW5Otg0GL83ZX9xQE7Z
+u9pSpGNtMe6L3i6uhiqfNJD9uTLxavCSjGRv0KZKb+EcSNVOjVPCdAnSEz8bAke7
+ll3KyCcKsKhVE6Zi68whYJezCI61EBWDLq87twarLhUFvcFwvCP4bneamLN91jXx
+QjRyVjo6p0PeUqBK8jYWlvRawQYAw4ukqw0LmhpvDVzUxlmYWcrh4mZyZiZ5q/1b
+YTotiRjoLzy4CKLnNtcGVHO/GxVsLIODd9qQyE+9Hv5iphGeFN/anloGLQqasqdb
+Gmeg39oVp5Qogegw7PiWLWecVy92/tUVb+HAAc+5alndGUFjtEFxJ3awLM1RE4gc
+r2Z2NEnGMgp7t9CUIwm+9dXaZCkt9chm71+RBmFvL6NWkwFe5VZu0VOYKZWux6eu
+S4eaeAVgHmTx0B9F1WZ262PPn3JJBgDbmvcH3G9hSyt6rB1nBZAOKfQ7H2h1ZKzj
+uS7pAPMxpO0t/Iu4D4e6WsHlZMZKQ7BsC9uBqHkWf0NxBVXp/ke1VDV7w8F7hzFT
+Ir01+CTBF65f1h/bTWCe3FbhsDvRSg9N2J63pfg/bDJHN/deDWvAtQtr3wVnvewp
+zvwJlSCCp/xwEWSLk+RFi6zhDYkifbIKuvgRQfI/N+QCQbJ+b7s3Zz3qGJ5o2oG4
+WKcaiJxVhpCr3Cae9tRSDw+G8WhDOL8GALdaj9qHVOkJJZIpi51Yxc6zRJCh7J5r
+7lchOXUR2T5cm4PH5nCiH3S3Ce/ZOfJ0NHTYH0G+bIeY7Kp1fLaEjqx2siEoHlTf
+xCkS2aHpKe+GukVhJtHlSpDAi3A5jGQBJ3k9G4F/ZsLn7mQ8Rv6vzC4k/QaONr2O
+NwXEwmiCXJeglg5Xy91GFZmePQfkiZtlKd+0C1YtoWoInc0h1JXzDunbk0nr9x4A
+1JUAkKRVRKQzbzZaa9Z3fR8KSnFnrI0/UM4UtAx0ZXN0cHJvdmlkZXKJAc4EEwEK
+ADgWIQR1OlPctc/Y1rv7Xpwuc+meZV8J8wUCaRxx5AIbAwULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRAuc+meZV8J89e6C/9GVVycqTDYndGokIQtX5cp9jinMs8y
+XvjC7uv2tl8mY7WT+O2IOTsJ2DUwvN+eT7PIQQSnSHGQVLNRZ4xRyTm2fG07Eseb
+Oa/fZ6IsXLuu6QTSg/zuzEHzOArjGINP3JF8QYJHw92xT4vat31qW9D2/MMJKHRm
+79jGG3iJFBhx84LelwMI8ITai7lA3MlgOGvQazCrCEK5z5rnCBfLajM5rK0muUpp
+qyydSOHnz0bjaAeRlJrTBEGvnMwQlBtByv595nVzUI675DcV7G8/JM7sGTPTVLEO
+dKV+yYXAIFr8VZ7OpKFPXw4Rm5uhLLVmiJtQVhkTnHzhlrL5y0uaXdTcHG0dRT7D
+xHJhiXddWSOb+bGUuGfa7SZujKttBECsfPRn9/LFI86houmJPKRzJquFrVAvl1Sj
++5QDx/y5YA+jknP3GiENFubXiejxeg8KgYudoRqHlkAzz3vAXyZkSPZv6ulKxwv9
+H8209R4bd8F5eqcAsUiiz1EdSpypb8oTRbydBVgEaRxx5AEMAOuwmzkCsAA48AOn
+wtOHEEwNRF1lpn8tW+oidBGVAieiyo8uO5aw0Nm7EeTDfmXUfIIJz78CMyq2Tsc3
+/df38CjvEtlDjmZfLRdO5A+FEsJp4WKM9u+QMMSB25Cj9ClP2LBAeTQZkxasSt5E
+JRKw06rgzfflzjxCoDlXAAm39Bymr9MmDjl87GB69LCMFezXQlvSeZtuLrY7doX7
+ALXFmQogMAaXaC/fOIraLXufFJ+1MAjxbm/L8sF3jgeRlQse6OBZdqDVdCRiGJyH
+TjJMYbaCuN5GBs75BB0OS+4UR3VNtZQCk/LyaPsvnbONKaOeAdHJrGTEx1IaUfwa
+Ini66ObNc5DXQRykNbC7gW1ekkzwxfoWrVA9Bmfn+RZ3tAxkCGcaE8dcUGgv9Vpa
+0L+lTD59nLNZBbsmznwQUzVdBG5tqN/rjTsnBHA7aVTfVGT4SD/oKj9nxpN6/zP6
+oyFvud7XFHReLnN0LL088g43sBREJCXuLKjF25JFgbY7rDNz7wARAQABAAv+NtSu
+v9wasuqMF+Wa4xf8WB0MBwhjbBnS1MzwILkAN9Vc92NjlIKNC+JD3usGCE2fK6d5
+r6+k1K519E3X3br+IZ/AzE+1nKZOuKnvT5b/TsBQIVu3BPOQDN9DA8rIviWnvRU6
+vT6n4/HwNvY2g7skew/yitXpHUbIvJ47UYd8oH+8zsv/KiugWC+ypjHo1eEcPH1i
+MiE3d8isoa3Ls/4ExQDI+3eU0vJE1rS8ORLAuwjtZF86eILDdnPIVIVvXZdyVpYL
+hkbtJhQoUwv/EKSRJ6mkE0I9fOytiLhjl4tJxN77wir4xCmvh3xr5C8wjEKxVimJ
+rvoG3mobLCYeFOu4rdH53ZA+lZ7BDuQa657Y4Lc+H5JJLCezYVVJ66mPT/f90JVh
+oSZCwrM46USVyPMslXCmO3RQOk2y26uGUI016KCQs8lAiW5S3KoGjsAEJwoVuHIG
+Bskj6r9WxDS51VOXMEl5SIh6h8o2cSfeAMPfgMOX/z434P39z0N0UyE7aLp5BgDy
+T/h+8lbNK/TbWscxXnanAnfcL1WAbChBkXWUD+qpuXOEcKdQySHVgpUWSg5LsDhB
+1922eOoCnOkUwVQz1v+8Xd/wgNzqlZhT2TFOBg1tIlsjyoYglo1Xdo4ANBFzMnPL
+yxv+IHNM7DiU/Ayz2h+DEOWTE9QhP8a/ByErZitXvyuPO7L5q2ME5ZZSgKp9rHwC
+9aZt0iiwSAHhTL+M3seFaNXzNYW2zbbnA0t7FYXy3Wsk/Du9nDNIszd0JuGMKDcG
+APkA3mnYPm0+gvAXG+BaZe5rE6qcq4/HiwuWBKc5DhG1th/Pqj2YCw8CXcIkQiGD
+sYU3pqjtnL4iBC4flmFnfWB9s/TLBHLYzCGI0CgMGrsECo/nYR18HiABVftZVm0/
+SQ40RoRvhZxRiZnzCz8hzC73WoPWrrT+3Kn6+3wKRGR9ha3xhixP6TMsD9zXW25Z
+MUR3KYeaBVqaKxxNdYhvqKYAiEQg5HC1xQHiYvTKXH3zP5WOaXSuWXnMZJfOLXFG
+CQYA1R85fE8iN9yaqXYnvc8DeYCkcEjSPzO2/GoZPknBZ3lZ0P2hGvF4AEuI++oO
+D56tG6xACcMpCj83osVBDAjNJKOKQ/Frbs8VoiPYiKdb7gv2YErzlEX5U0lffFnF
+k237CHvgCvJThj3J/gTptx1vEzkXtPSVzrYWdz9ueomsTfVr59QgukiSLoAYirBN
+uJP6FOhTMWO5DxHRpKUjqm18Nxn7YhI/dz7Eesd+4AuEP1VloMTHacUFQYdNBMXj
+EGwE15yJAbYEGAEKACAWIQR1OlPctc/Y1rv7Xpwuc+meZV8J8wUCaRxx5AIbDAAK
+CRAuc+meZV8J8z20C/oDkym6rXH6wFFOSx1Kj/YCAFsi80L1A/MPgcQgoPTCSEGk
+stYCpGsorCFskcI5BTh5aijdIgbTEZLg/9r8Rkdl0Uyvaai4BCse7Kn5vzlU6dDi
+H8VlMOMeO8Y0PVELq0zfXYLLrDKF0xe85pZmlFIUg9Q/Bba5ElXPPDMW+WnTefeC
+o47DA7ZeFtWpF7JR3S6k6AVD3cFBPCz5A7bwhKccHOd8F0eDLpj9u6L6YNTEWERX
+sLAcgUHPTmobK0LcRG3G/CrN3XZUrjidLMLo4ucDkrhZ7qRPaUpcq/emcTuJl86f
+foAOXawmsvWa47W/YrolhSF6ECG+5P0pOuenQX56GFKSNdU39/jOeJoqcNxs3uaL
+mJA38AiibLUEv01dZjbGjTuQKXEIXyMHrEx4XLWJ4lcotJB8WLfsau7fZU4qW8IQ
+kcSE4U1neAsEJS6D/NzzFRv+82bu48HWDRi3XTrlmAUTawi2/4vQJJzpFctOa2bK
+8ck+ALgenY4Ck5oVNS4=
+=Raia
+-----END PGP PRIVATE KEY BLOCK-----

docker/config/trustedprovider/provider-config.toml

@@ -0,0 +1,102 @@
+# Set the authentication password for accessing the CSAF provider.
+# It is essential that you set a secure password between the quotation marks.
+# The default being no password set.
+password = "secretpassword"
+
+# Set the path to the public OpenPGP key.
+openpgp_public_key = "/config/public.asc"
+
+# Set the path to the private OpenPGP key.
+openpgp_private_key = "/config/private.asc"
+
+# Specify the root folder.
+folder = "/data/"
+
+# Specify the web folder.
+web = "/data/html"
+
+# Allow sending a signature with the request.
+# An additional input-field in the web interface will be shown
+# to let user enter an ascii armored OpenPGP signature.
+#upload_signature = false
+
+# Set the beginning of the URL where contents are accessible from the internet.
+# If not set, the provider will read from the $SERVER_NAME variable.
+# The following shows an example of a manually set prefix:
+#canonical_url_prefix  = "https://localhost"
+
+# Require users to use a password and a valid Client Certificate for write access.
+#certificate_and_password = false
+
+# Allow the user to send the request without having to send a passphrase
+# to unlock the the OpenPGP key.
+# If set to true, the input-field in the web interface will be omitted.
+#no_passphrase = false
+
+# Make the provider skip the validation of the uploaded CSAF document
+# against the JSON schema.
+#no_validation = false
+
+# Disable the experimental web interface.
+#no_web_ui = true
+
+# Make the provider take the publisher from the CSAF document.
+#dynamic_provider_metadata = false
+
+# Set the upload limit size of a file in bytes.
+# The default is equivalent to 50 MiB.
+#upload_limit =  52428800
+
+# Set the issuer of the CA.
+# If set, the provider restricts the writing permission and the
+# access to the web-interface to users with the client certificates
+# signed with this CA.
+# The following shows an example. As default, none is set.
+#issuer = "Example Company"
+
+# Make the provider write/update index.txt and changes.csv.
+write_indices = true
+
+# Make the provider write a `CSAF:` entry into `security.txt`.
+write_security = true
+
+# Set the TLP allowed to be send with the upload request
+# (one or more of "csaf", "white", "amber", "green", "red").
+# The "csaf" entry lets the provider take the value from the CSAF document.
+# These affect the list items in the web interface.
+#tlps = ["csaf", "white", "amber", "green", "red"]
+
+# Make the provider create a ROLIE service document.
+create_service_document = true
+
+# Make the provider create a ROLIE category document from a list of strings.
+# If a list item starts with `expr:`
+#   the rest of the string is used as a JsonPath expression
+#   to extract a string from the incoming advisories.
+# Strings not starting with `expr:` are taken verbatim.
+# By default no category documents are created.
+# This example provides an overview over the syntax,
+# adjust the parameters depending on your setup.
+#categories = ["Example Company Product A", "expr:document.lang"]
+
+# Make the provider use a remote validator service. Not used by default.
+# This example provides an overview over the syntax,
+# adjust the parameters depending on your setup.
+#[remote_validator]
+#url = "http://localhost:8082"
+#presets = ["mandatory"]
+#cache = "/var/lib/csaf/validations.db"
+
+[provider_metadata]
+# Indicate that aggregators can list us.
+list_on_CSAF_aggregators = true
+# Indicate that aggregators can mirror us.
+mirror_on_CSAF_aggregators = true
+
+# Set the publisher details.
+[provider_metadata.publisher]
+category = "vendor"
+name = "Example Company"
+namespace = "https://example.com"
+issuing_authority = "We at Example Company are responsible for publishing and maintaining Product Y."
+contact_details = "Example Company can be reached at [email protected], or via our website at https://www.example.com/contact."

docker/config/trustedprovider/public.asc

@@ -0,0 +1,40 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGkcceQBDACnvtSRICJlc5fMy4UJJ8Zjl9NaJ4xC7nw9sToSQX6XksKaKHLP
+baTFV/lJ7ZB4PAzpxFrYuH1n887ccpH2iG8M1zsIAwKNibloA/McjgK0B3hiIzgY
+Y3JeUzNwwnFFmlgzSQt0xhnPowgG67rm9RKXVoZ0GyAyI8ymaOQ9r91qToSo8bkK
+jvLTEYFXRiAYe3sAkmeEjjuE76bNVW9IzoGiG2c/olT075Xf0RI8JSnmitlap4gI
+9HtTulp59n1QGpZfTDwEAVb4i0t1XGuKyaXcZ09BoXmJj9sySmz0qSLJZhxP35CT
+dktk1EGeS2g4O1jdOiWSOU4F+GUlKT2ukURCGPpzSFpXiJPc+Y83654Af2WY34Oc
+NaIyok00tIOOb7kPJMRmJUMN1p4L0e80MscHpxnhgfbxkFVEU0r0D8VA3ZUYL9f2
+yHDc2ishQhHb86mHnsFrUkRKdGTnHM0aWiRkupo6lMbSFj3loMxGPTb0g0DReUjc
+IFJxgeNexFoRPHcAEQEAAbQMdGVzdHByb3ZpZGVyiQHOBBMBCgA4FiEEdTpT3LXP
+2Na7+16cLnPpnmVfCfMFAmkcceQCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA
+CgkQLnPpnmVfCfPXugv/RlVcnKkw2J3RqJCELV+XKfY4pzLPMl74wu7r9rZfJmO1
+k/jtiDk7Cdg1MLzfnk+zyEEEp0hxkFSzUWeMUck5tnxtOxLHmzmv32eiLFy7rukE
+0oP87sxB8zgK4xiDT9yRfEGCR8PdsU+L2rd9alvQ9vzDCSh0Zu/Yxht4iRQYcfOC
+3pcDCPCE2ou5QNzJYDhr0GswqwhCuc+a5wgXy2ozOaytJrlKaassnUjh589G42gH
+kZSa0wRBr5zMEJQbQcr+feZ1c1COu+Q3FexvPyTO7Bkz01SxDnSlfsmFwCBa/FWe
+zqShT18OEZuboSy1ZoibUFYZE5x84Zay+ctLml3U3BxtHUU+w8RyYYl3XVkjm/mx
+lLhn2u0mboyrbQRArHz0Z/fyxSPOoaLpiTykcyarha1QL5dUo/uUA8f8uWAPo5Jz
+9xohDRbm14no8XoPCoGLnaEah5ZAM897wF8mZEj2b+rpSscL/R/NtPUeG3fBeXqn
+ALFIos9RHUqcqW/KE0W8uQGNBGkcceQBDADrsJs5ArAAOPADp8LThxBMDURdZaZ/
+LVvqInQRlQInosqPLjuWsNDZuxHkw35l1HyCCc+/AjMqtk7HN/3X9/Ao7xLZQ45m
+Xy0XTuQPhRLCaeFijPbvkDDEgduQo/QpT9iwQHk0GZMWrEreRCUSsNOq4M335c48
+QqA5VwAJt/Qcpq/TJg45fOxgevSwjBXs10Jb0nmbbi62O3aF+wC1xZkKIDAGl2gv
+3ziK2i17nxSftTAI8W5vy/LBd44HkZULHujgWXag1XQkYhich04yTGG2grjeRgbO
++QQdDkvuFEd1TbWUApPy8mj7L52zjSmjngHRyaxkxMdSGlH8GiJ4uujmzXOQ10Ec
+pDWwu4FtXpJM8MX6Fq1QPQZn5/kWd7QMZAhnGhPHXFBoL/VaWtC/pUw+fZyzWQW7
+Js58EFM1XQRubajf6407JwRwO2lU31Rk+Eg/6Co/Z8aTev8z+qMhb7ne1xR0Xi5z
+dCy9PPION7AURCQl7iyoxduSRYG2O6wzc+8AEQEAAYkBtgQYAQoAIBYhBHU6U9y1
+z9jWu/tenC5z6Z5lXwnzBQJpHHHkAhsMAAoJEC5z6Z5lXwnzPbQL+gOTKbqtcfrA
+UU5LHUqP9gIAWyLzQvUD8w+BxCCg9MJIQaSy1gKkayisIWyRwjkFOHlqKN0iBtMR
+kuD/2vxGR2XRTK9pqLgEKx7sqfm/OVTp0OIfxWUw4x47xjQ9UQurTN9dgsusMoXT
+F7zmlmaUUhSD1D8FtrkSVc88Mxb5adN594KjjsMDtl4W1akXslHdLqToBUPdwUE8
+LPkDtvCEpxwc53wXR4MumP27ovpg1MRYRFewsByBQc9OahsrQtxEbcb8Ks3ddlSu
+OJ0swuji5wOSuFnupE9pSlyr96ZxO4mXzp9+gA5drCay9Zrjtb9iuiWFIXoQIb7k
+/Sk656dBfnoYUpI11Tf3+M54mipw3Gze5ouYkDfwCKJstQS/TV1mNsaNO5ApcQhf
+IwesTHhctYniVyi0kHxYt+xq7t9lTipbwhCRxIThTWd4CwQlLoP83PMVG/7zZu7j
+wdYNGLddOuWYBRNrCLb/i9AknOkVy05rZsrxyT4AuB6djgKTmhU1Lg==
+=LzLH
+-----END PGP PUBLIC KEY BLOCK-----

docker/config/uploader/config-create.toml

@@ -0,0 +1,14 @@
+action                 = "create"
+url                    = "http://provider.csaf.internal/cgi-bin/csaf_provider.go"
+tlp                    = "csaf"
+external_signed        = false
+no_schema_check        = false
+# key                  = "/path/to/openpgp/key/file"       # not set by default
+password               = "secretpassword" # not set by default
+# passphrase           = "OpenPGP passphrase"              # not set by default
+# client_cert          = "/path/to/client/cert"            # not set by default
+# client_key           = "/path/to/client/cert.key"        # not set by default
+# client_passphrase    = "client cert passphrase"          # not set by default
+password_interactive   = false
+passphrase_interactive = false
+insecure               = true