zarf package verify
Verify the signature and integrity of a Zarf package
Verify the cryptographic signature (if signed) and checksum integrity of a Zarf package. Returns exit code 0 if valid, non-zero if verification fails.
zarf package verify PACKAGE_SOURCE [flags]# Verify a signed package$ zarf package verify zarf-package-demo-amd64-1.0.0.tar.zst --key ./public-key.pub
# Verify an unsigned package (checksums only)$ zarf package verify zarf-package-demo-amd64-1.0.0.tar.zst -h, --help help for verify -k, --key string Public key for signature verification --oci-concurrency int Number of concurrent layer operations when pulling or pushing images or packages to/from OCI registries. (default 6) -a, --architecture string Architecture for OCI images and Zarf packages --features stringToString [ALPHA] Provide a comma-separated list of feature names to bools to enable or disable. Ex. --features "foo=true,bar=false,baz=true" (default []) --insecure-skip-tls-verify Skip checking server's certificate for validity. This flag should only be used if you have a specific reason and accept the reduced security posture. --log-format string Select a logging format. Defaults to 'console'. Valid options are: 'console', 'json', 'dev'. (default "console") -l, --log-level string Log level when running Zarf. Valid options are: warn, info, debug, trace (default "info") --no-color Disable terminal color codes in logging and stdout prints. --plain-http Force the connections over HTTP instead of HTTPS. This flag should only be used if you have a specific reason and accept the reduced security posture. --tmpdir string Specify the temporary directory to use for intermediate files --zarf-cache string Specify the location of the Zarf cache directory (default "~/.zarf-cache")- zarf package - Zarf package commands for creating, deploying, and inspecting packages