|
| 1 | +--- |
| 2 | +sidebar_position: 3 |
| 3 | +title: Quickstart |
| 4 | +--- |
| 5 | + |
| 6 | +# Quickstart |
| 7 | + |
| 8 | +In this quickstart, we will install Chainloop and make our first attestation: |
| 9 | + |
| 10 | +1. Install Chainloop. This quick snippet will get you through the process: |
| 11 | + ```bash |
| 12 | + curl -sfL https://docs.chainloop.dev/install.sh | bash -s |
| 13 | + ``` |
| 14 | + Refer to [these instructions](/getting-started/installation) for more installation options. |
| 15 | + |
| 16 | +2. Authenticate to the Control Plane via OIDC by running: |
| 17 | + ```bash |
| 18 | + chainloop auth login |
| 19 | + ``` |
| 20 | + This will create a personal token that you will use in operations not related to attestations. |
| 21 | + |
| 22 | +3. Create a new Chainloop workflow. |
| 23 | + ```bash |
| 24 | + chainloop wf create --name mywf --project myproject |
| 25 | + ``` |
| 26 | + Chainloop workflows represent any CI or process you might want to attest. |
| 27 | + Check [this doc](/getting-started/workflow-definition) |
| 28 | + for a complete explanation of Workflows and Contracts. |
| 29 | + You might also want to check our [contract reference](/reference/operator/contract). |
| 30 | + |
| 31 | +4. Create API token to perform the attestation process: |
| 32 | + ```bash |
| 33 | + export CHAINLOOP_TOKEN=$(chainloop org api-token create --name test-api-token -o json | jq -r ".[].jwt") |
| 34 | + ``` |
| 35 | + CHAINLOOP_TOKEN environment variable is commonly used from CI/CD scenarios, where a personal token is not available. |
| 36 | + Tokens have narrower permissions, ensuring that they can only perform the operations they are granted to. |
| 37 | + More information in [API tokens](/reference/operator/api-tokens#api-tokens). |
| 38 | + |
| 39 | +5. Perform an attestation: |
| 40 | + |
| 41 | + First, let's [initiate the attestation](/getting-started/attestation-crafting#initialization). |
| 42 | + ```bash |
| 43 | + chainloop att init --workflow-name mywf |
| 44 | + ``` |
| 45 | +
|
| 46 | + Once attestation is initiated, we can start [adding materials](/getting-started/attestation-crafting#adding-materials) to it. |
| 47 | + In this case we are adding an OCI container image. |
| 48 | + Many other material types are supported, check the [updated the list](/reference/operator/contract#material-schema) |
| 49 | + ```bash |
| 50 | + chainloop att add --value "ghcr.io/chainloop-dev/chainloop/control-plane:latest" |
| 51 | + ``` |
| 52 | +
|
| 53 | + And finally [we sign and push the attestation](/getting-started/attestation-crafting#encode-sign-and-push-attestation) to Chainloop for permanent preservation. |
| 54 | + ```bash |
| 55 | + chainloop att push |
| 56 | + ``` |
| 57 | + Note that, in this example, we are not specifying any private key for signing. |
| 58 | + This will make the CLI to work in key-less mode, generating an ephemeral certificate, |
| 59 | + signed by Chainloop CA, to ensure the trust chain, and finally using it for the signature. |
0 commit comments