chore: merge with main

Author: vburckhardt

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-05-07T11:31:16Z",
+  "generated_at": "2024-05-07T12:00:08Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -82,23 +82,23 @@
         "hashed_secret": "bbc4e9d52252171a3a306be55086c65b126189e8",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 37,
+        "line_number": 38,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d9e9019d9eb455a3d72a3bc252c26927bb148a10",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 54,
+        "line_number": 55,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b13d7622394e85c3b2694f426bc096b093764462",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 58,
+        "line_number": 59,
         "type": "Secret Keyword",
         "verified_result": null
       }

README.md

@@ -29,6 +29,7 @@ Before deploying the stack, ensure you have:
 * Ensure that the prefix is globally unique. It is used for the container registry namespace (which needs to be globally unique) in this alpha version.
 * If specifying `existing_secrets_manager_crn`, the `ibmcloud_api_key` that is passed as an input must have the documented read and write access to the instance.
 * If specifying `existing_secrets_manager_crn`, ensure that the default security group does not contain secrets named `signing-key` and `ibmcloud-api-key`. The RAG DA currently always attempts to create a secret with those names (temporary issue - to be fixed).
+* The signing key is the base64 key obtained from the `gpg --export-secret-key <Email Address> | base64` command. See https://cloud.ibm.com/docs/devsecops?topic=devsecops-devsecops-image-signing#cd-devsecops-gpg-export for details.
 
 ```json
 {