1## in-toto record start
2
3Creates a preliminary link file recording the paths and hashes of the
4passed materials and signs it with the passed functionary’s key.
5
6### Synopsis
7
8Creates a preliminary link file recording the paths and hashes of the
9passed materials and signs it with the passed functionary’s key.
10The resulting link file is stored as ‘.<name>.<keyid prefix>.link-unfinished’.
11
12```
13in-toto record start [flags]
14```
15
16### Options
17
18```
19 -h, --help help for start
20 -m, --materials stringArray Paths to files or directories, whose paths and hashes
21 are stored in the resulting link metadata before the
22 command is executed. Symlinks are followed.
23```
24
25### Options inherited from parent commands
26
27```
28 -c, --cert string Path to a PEM formatted certificate that corresponds
29 with the provided key.
30 -e, --exclude stringArray Path patterns to match paths that should not be recorded as
31 ‘materials’ or ‘products’. Passed patterns override patterns defined
32 in environment variables or config files. See Config docs for details.
33 --follow-symlink-dirs Follow symlinked directories to their targets. Note: this parameter
34 toggles following linked directories only, linked files are always
35 recorded independently of this parameter.
36 -k, --key string Path to a private key file to sign the resulting link metadata.
37 The keyid prefix is used as an infix for the link metadata filename,
38 i.e. ‘<name>.<keyid prefix>.link’. See ‘–key-type’ for available
39 formats. Passing one of ‘–key’ or ‘–gpg’ is required.
40 -l, --lstrip-paths stringArray Path prefixes used to left-strip artifact paths before storing
41 them to the resulting link metadata. If multiple prefixes
42 are specified, only a single prefix can match the path of
43 any artifact and that is then left-stripped. All prefixes
44 are checked to ensure none of them are a left substring
45 of another.
46 -d, --metadata-directory string Directory to store link metadata (default "./")
47 -n, --name string Name for the resulting link metadata file.
48 It is also used to associate the link with a step defined
49 in an in-toto layout.
50 --normalize-line-endings Enable line normalization in order to support different
51 operating systems. It is done by replacing all line separators
52 with a new line character.
53 --spiffe-workload-api-path string UDS path for SPIFFE workload API
54 --use-dsse Create metadata using DSSE instead of the legacy signature wrapper.
55```
56
57### SEE ALSO
58
59* [in-toto record](in-toto_record.md) - Creates a signed link metadata file in two steps, in order to provide
60 evidence for supply chain steps that cannot be carried out by a single command
61
View as plain text