sopSeed OCI Image (Dockerfile)

Features

The sopSeed OCI image provides:

Lightweight Design - Minimal Alpine-based image with essential tools only
Security First - Built-in vulnerability scanning using Aqua Security's trivy, failing builds if security issues are found
Production Ready - Sensible defaults for both interactive use and automation

The sopSeed OCI images are signed and attested using Docker's SBOM and provenance features. The SBOM and provenance can be verified using Docker's built-in tools.

Interactive Usage Examples

The sopSeed OCI image is published to GitHub Packages registry.

Note: In below examples, replace {version} with the desired version tag, e.g., 0.1.0.

Show GPG Version

docker run --rm -it ghcr.io/ossfellow/sopseed:{version} gpg --version

List GPG keys

docker run --rm -it -v /local/gpg/keys/store:/home/secops/.gnupg ghcr.io/ossfellow/sopseed:{version} gpg --list-keys
docker run --rm -it -v /local/gpg/keys/store:/home/secops/.gnupg ghcr.io/ossfellow/sopseed:{version} gpg --list-secret-keys

Generate a GPG key (ed25519/cv25519)

docker run --rm -it -v /local/gpg/keys/store:/home/secops/.gnupg ghcr.io/ossfellow/sopseed:{version} gpg --quick-gen-key --batch --passphrase "" "masoudbahar (test key)" future-default default never
docker run --rm -it -v /local/gpg/keys/store:/home/secops/.gnupg ghcr.io/ossfellow/sopseed:{version} gpg --full-gen-key --expert

Note: ECDSA and RSA keys are supported too, but ECDH (ed25519/cv25519) is preferred.

Get GPG key fingerprint

KEY_FP=$(docker run --rm -it -v /local/gpg/keys/store:/home/secops/.gnupg ghcr.io/ossfellow/sopseed:{version} gpg --with-colons --fingerprint masoudbahar | grep fpr | cut -d ':' -f 10 | head -1)

Export GPG public key

docker run --rm -it -v /local/gpg/keys/store:/home/secops/.gnupg -v $(pwd)/keys:/keys ghcr.io/ossfellow/sopseed:{version} gpg --export --armor "${KEY_FP}" > keys/public.asc

Show Age version

docker run --rm -it ghcr.io/ossfellow/sopseed:{version} age --version

Generate an Age key (X25519)

docker run --rm -it -v /local/age/keys/store:/home/secops/age ghcr.io/ossfellow/sopseed:{version} age-keygen -o /home/secops/age/age.agekey

Export Age public key

docker run --rm -it -v /local/age/keys/store:/home/secops/age ghcr.io/ossfellow/sopseed:{version} cat /home/secops/age/age.agekey | grep "public key:" | awk '{print $3}'

Verify Image Authenticity

To verify the authenticity of the image using Docker's SBOM and provenance features:

docker sbom ghcr.io/ossfellow/sopseed:{version}
docker trust inspect --pretty ghcr.io/ossfellow/sopseed:{version}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

sopSeed OCI Image (Dockerfile)

Features

Interactive Usage Examples

Show GPG Version

List GPG keys

Generate a GPG key (ed25519/cv25519)

Get GPG key fingerprint

Export GPG public key

Show Age version

Generate an Age key (X25519)

Export Age public key

Verify Image Authenticity

Files

README.md

Latest commit

History

README.md

File metadata and controls

sopSeed OCI Image (Dockerfile)

Features

Interactive Usage Examples

Show GPG Version

List GPG keys

Generate a GPG key (ed25519/cv25519)

Get GPG key fingerprint

Export GPG public key

Show Age version

Generate an Age key (X25519)

Export Age public key

Verify Image Authenticity