Skip to content

Commit

Permalink
Update docs with verification-failure-behavior
Browse files Browse the repository at this point in the history
  • Loading branch information
ivannalisetska committed Sep 6, 2024
1 parent af01af2 commit 6ee2eeb
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions pages/agent/v3/signed_pipelines.md
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,14 @@ verification-jwks-file=<path to public key set>

This ensures that whenever those agents upload steps to Buildkite, they'll generate signatures using the private key you generated earlier. It also ensures that those agents verify the signatures of any steps they run, using the public key.

```ini
verification-failure-behavior=<warn>
```

This setting determines the BuildKite agent’s response when it receives a job without a proper signature. It specifies how strictly the agent should enforce signature verification for incoming jobs. The agent will warn about the missing signature but will still proceed with executing the job. If not explicitly specified, the default behavior is `block`, which will prevent any job without a signature from running, ensuring a secure pipeline environment by default.



On instances that verify jobs, add:

```ini
Expand Down

0 comments on commit 6ee2eeb

Please sign in to comment.