[ aws . signer ]

put-signing-profile

Description

Creates a signing profile. A signing profile is a code signing template that can be used to carry out a pre-defined signing job. For more information, see http://docs.aws.amazon.com/signer/latest/developerguide/gs-profile.html

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  put-signing-profile
--profile-name <value>
[--signing-material <value>]
[--signature-validity-period <value>]
--platform-id <value>
[--overrides <value>]
[--signing-parameters <value>]
[--tags <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--profile-name (string)

The name of the signing profile to be created.

--signing-material (structure)

The AWS Certificate Manager certificate that will be used to sign code with the new signing profile.

certificateArn -> (string)

The Amazon Resource Name (ARN) of the certificates that is used to sign your code.

Shorthand Syntax:

certificateArn=string

JSON Syntax:

{
  "certificateArn": "string"
}

--signature-validity-period (structure)

The default validity period override for any signature generated using this signing profile. If unspecified, the default is 135 months.

value -> (integer)

The numerical value of the time unit for signature validity.

type -> (string)

The time unit for signature validity.

Shorthand Syntax:

value=integer,type=string

JSON Syntax:

{
  "value": integer,
  "type": "DAYS"|"MONTHS"|"YEARS"
}

--platform-id (string)

The ID of the signing platform to be created.

--overrides (structure)

A subfield of platform . This specifies any different configuration options that you want to apply to the chosen platform (such as a different hash-algorithm or signing-algorithm ).

signingConfiguration -> (structure)

A signing configuration that overrides the default encryption or hash algorithm of a signing job.

encryptionAlgorithm -> (string)

A specified override of the default encryption algorithm that is used in a code signing job.

hashAlgorithm -> (string)

A specified override of the default hash algorithm that is used in a code signing job.

signingImageFormat -> (string)

A signed image is a JSON object. When overriding the default signing platform configuration, a customer can select either of two signing formats, JSONEmbedded or JSONDetached . (A third format value, JSON , is reserved for future use.) With JSONEmbedded , the signing image has the payload embedded in it. With JSONDetached , the payload is not be embedded in the signing image.

Shorthand Syntax:

signingConfiguration={encryptionAlgorithm=string,hashAlgorithm=string},signingImageFormat=string

JSON Syntax:

{
  "signingConfiguration": {
    "encryptionAlgorithm": "RSA"|"ECDSA",
    "hashAlgorithm": "SHA1"|"SHA256"
  },
  "signingImageFormat": "JSON"|"JSONEmbedded"|"JSONDetached"
}

--signing-parameters (map)

Map of key-value pairs for signing. These can include any information that you want to use during signing.

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--tags (map)

Tags to be associated with the signing profile that is being created.

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To create a signing profile

The following put-signing-profile example creates a signing profile using the specified certificate and platform.

aws signer put-signing-profile \
    --profile-name MyProfile6 \
    --signing-material certificateArn=arn:aws:acm:us-west-2:123456789012:certificate/6a55389b-306b-4e8c-a95c-0123456789abc \
    --platform AmazonFreeRTOS-TI-CC3220SF

Output:

{
    "arn": "arn:aws:signer:us-west-2:123456789012:/signing-profiles/MyProfile6"
}

Output

arn -> (string)

The Amazon Resource Name (ARN) of the signing profile created.

profileVersion -> (string)

The version of the signing profile being created.

profileVersionArn -> (string)

The signing profile ARN, including the profile version.