Add verification instructions for ingestion rpms

Chris Pangalos · Chris Pangalos · commit fc4e86ce9233 · 2024-03-22T13:19:14.000Z
diff --git a/articles/operator-insights/set-up-ingestion-agent.md b/articles/operator-insights/set-up-ingestion-agent.md
@@ -44,6 +44,20 @@ Download the RPM for the ingestion agent using the details you received as part
 
 Links to the current and previous releases of the agents are available below the heading of each [release note](ingestion-agent-release-notes.md). If you're looking for an agent version that's more than 6 months old, check out the [release notes archive](ingestion-agent-release-notes-archive.md).
 
+### Verify the authenticity of the RPM (optional)
+
+Before you install the RPM, you can verify that it's the correct version and hasn't been tampered with.
+
+This can be done using the public key file provided by Microsoft, which is available at [https://packages.microsoft.com/keys/microsoft.asc](https://packages.microsoft.com/keys/microsoft.asc).
+
+To verify, perform the following steps once the agent has been downloaded:
+
+1. Download the provided public key (microsoft.asc)
+1. Import the public key to the GPG keyring
+    - `gpg --import microsoft.asc`
+1. Verify the RPM signature matches the public key
+    - `rpm --checksig <path-to-rpm>`
+
 ## Set up authentication to Azure
 
 You must have a service principal with a certificate credential that can access the Azure Key Vault created by the Data Product to retrieve storage credentials. Each agent must also have a copy of a valid certificate and private key for the service principal stored on this virtual machine.
diff --git a/articles/operator-insights/upgrade-ingestion-agent.md b/articles/operator-insights/upgrade-ingestion-agent.md
@@ -22,6 +22,20 @@ Obtain the latest version of the ingestion agent RPM from [https://go.microsoft.
 
 Links to the current and previous releases of the agents are available below the heading of each [release note](ingestion-agent-release-notes.md). If you're looking for an agent version that's more than 6 months old, check out the [release notes archive](ingestion-agent-release-notes-archive.md).
 
+### Verify the authenticity of the RPM (optional)
+
+Before you install the RPM, you can verify that it's the correct version and hasn't been tampered with.
+
+This can be done using the public key file provided by Microsoft, which is available at [https://packages.microsoft.com/keys/microsoft.asc](https://packages.microsoft.com/keys/microsoft.asc).
+
+To verify, perform the following steps once the agent has been downloaded:
+
+1. Download the provided public key (microsoft.asc)
+1. Import the public key to the GPG keyring
+    - `gpg --import microsoft.asc`
+1. Verify the RPM signature matches the public key
+    - `rpm --checksig <path-to-rpm>`
+
 ## Upgrade the agent software
 
 To upgrade to a new release of the agent, repeat the following steps on each VM that has the old agent.
