With each Puppet Remediate release, a digital signature is created using the private key portion of an asymmetric key. You can manually validate the signature using the public key portion of the same asymmetric key.
- Download the signature file and the public key to the same directory as
docker-compose.ymland license file.Note: For instructions on downloading the
docker-compose.ymland license files, see the instructions on how to Install Remediate on online nodes.
- Run the following command:
openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature signature docker-compose.yml
If the signature is valid, you will get the following response: