Skip to content

Commit 1f0efa5

Browse files
committed
feat(attestation): opt-in CAS-only attestation storage
Add a controlplane config flag attestations.skip_db_storage that, when enabled and the workflow run's CAS backend is non-inline, uploads the attestation bundle to CAS synchronously and records only the digest on the workflow run, skipping the attestation table row. Inline backends and the flag-off case keep the existing async upload and DB persistence behaviour. Refs #2126 Assisted-by: Claude Code Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
1 parent baea2db commit 1f0efa5

9 files changed

Lines changed: 410 additions & 168 deletions

File tree

app/controlplane/configs/config.devel.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -120,3 +120,6 @@ enable_profiler: true
120120
# url: http://localhost:8002/v1/authorize
121121

122122
ui_dashboard_url: http://localhost:3000
123+
124+
attestations:
125+
skip_db_storage: true

app/controlplane/configs/samples/config.yaml

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -101,4 +101,11 @@ enable_profiler: true
101101
# This means that the controlplane will send the JWT token to a remote endpoint to verify it
102102
# federated_authentication:
103103
# enabled: true
104-
# url: http://localhost:8002/machine-identity/verify-token
104+
# url: http://localhost:8002/machine-identity/verify-token
105+
106+
# Attestation storage and processing options
107+
# attestations:
108+
# # When true, skip writing the attestation bundle to the database; the bundle is
109+
# # stored exclusively in the configured CAS backend. Has no effect when the
110+
# # workflow run's CAS backend is inline.
111+
# skip_db_storage: false

0 commit comments

Comments
 (0)