Author Archives: Lila Yasin

Project signing and verification

Project signing is a new feature developed for Red Hat Ansible Automation Platform that came out in the latest 2.3 release. It enables users to sign project-based content (think playbooks, workflows, inventories, etc.) and verify whether or not that content has remained secure. It also features a new CLI tool, ansible-sign. This blog post will explain how it works, illustrate how to implement it, and highlight a few scenarios.

Why we need signing capabilities

Organizations need to make sure their automation is tested and performing the intended tasks. However, what if someone deploys untested automation, or worse yet, someone intentionally tries to automate something nefarious? It might not even be intentional: an organization may simply be using a community collection whose author removes a feature that they were using.

When organizations start adopting automation at the enterprise level, there may be hundreds to thousands of tasks being performed every hour across thousands of infrastructure nodes. How do you make sure the automation content that is being executed can be trusted? How do you know your automation is doing what you think it is? Is your organization pulling content from various sources outside of …