Provenance Registry Artifact Attestation
ARTIFACT

s3-bucket-module-v1.0.0.tar.gz

terraform-modules / v1.0.0 / s3-bucket-module-v1.0.0.tar.gz
Published:

Archive Details

Archive
12 KB
# Download and verify checksum
curl -LO https://artifacts.patterneddesigns.ca/terraform-modules/v1.0.0/s3-bucket-module-v1.0.0.tar.gz
echo "abc123def456789012345678901234567890abcdef123456789012345678901234  s3-bucket-module-v1.0.0.tar.gz" | sha256sum -c

Digests

Content-addressed checksums for verifying artifact integrity.

abc123def456789012345678901234567890abcdef123456789012345678901234
def789ghi012345678901234567890abcdef123456789012345678901234567890123456789abcdef012345
jkl678mno901234567890abcdef123456789012345678901234
# Download artifact
curl -O https://artifacts.patterneddesigns.ca/terraform-modules/v1.0.0/s3-bucket-module-v1.0.0.tar.gz

# Verify SHA-256
sha256sum s3-bucket-module-v1.0.0.tar.gz
# Expected: abc123def456789012345678901234567890abcdef123456789012345678901234

Signatures & Trust

Cryptographic signatures binding this artifact to publisher identities.

AureliaSRS Primary Key
pgp 
4096R/ABCD1234
1234 5678 90AB CDEF 1234 5678 90AB CDEF 1234 5678
Key Locations:
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEexamplefingerprinthere1234567890ABCDEF
exampleSignatureDataHere1234567890ABCDEFGHIJKLMNOPQRSTUV
WXYZ0123456789abcdefghijklmnopqrstuvwxyz1234567890ABCD
EFGHIJKLMNOPQRSTUVWXYZexample1234567890ABCDEFGHIJKLMexam
pleSignatureBlockContinuesHere567890ABCDEFGHIJKLMNOPQRSTUV
WXYZfinalExampleBlock1234567890==
-----END PGP SIGNATURE-----

# Import key
gpg --keyserver keys.openpgp.org --recv-keys 4096R/ABCD1234

# Verify signature
gpg --verify signature.asc artifact.tar.gz
AureliaSRS Backup Key
pgp 
2048R/WXYZ9876
9876 5432 10FE DCBA 9876 5432 10FE DCBA 9876 5432
Key Locations:
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEbackupKeyfingerprinthere9876543210FE
backupSignatureDataHere9876543210FEDCBAZYXWVUTSRQPONMLK
JIHGFEDCBA0123456789backupExampleData9876543210FEDCBAZY
XWVUTSRQPONMLKJIHGFEDCBAbackup==
-----END PGP SIGNATURE-----

# Import key
gpg --keyserver keys.openpgp.org --recv-keys 2048R/WXYZ9876

# Verify signature
gpg --verify signature.asc artifact.tar.gz
Sigstore Rekor Transparency Log transparency-log

Artifact logged in public transparency log with entry ID 1234567890abcdef

View Record
Trivy Security Scanner vulnerability-scan

No critical vulnerabilities detected. 0 high, 0 medium, 2 low findings.

View Report

Provenance

Build metadata and supply chain context for this artifact.

Gitea Actions

OS: ubuntu-22.04

Runner: self-hosted-runner-01

Runner Version: v3.2.1

Type: gitea-actions

Gitea Version: 1.21.5

Workflow: .gitea/workflows/release.yaml

Commit: 1a2b3c4d

Repository: Internal (private)

OS: Ubuntu 22.04.3 LTS

Kernel: 5.15.0-91-generic

Architecture: x86_64

Container Runtime: docker-24.0.7

Toolchain:

ToolVersion
terraform1.6.6
tflint0.50.0
git2.43.0

Software Bill of Materials for the build environment and toolchain.

Format: cyclonedx 1.5

Digest: sha256:buildenv789ab...

Download CYCLONEDX

Format: spdx 2.3

Digest: sha256:buildenv890bc...

Download SPDX

Started: 2026-01-15 09:50

Completed: 2026-01-15 09:58

Build Node: build-node-ca-01

Reproducible: Yes

Duration: 480s

Format: cyclonedx

Digest: sha256:sbom123456789...

Download SBOM

Type: gpg

Key Management: hardware-security-module

Jurisdiction: Canada

Build Location: ca-central-1 (AWS Canada - Montreal)

Data Residency: Canada

Legal Entity: AureliaSRS Inc.

Verification

Verification Passed
Digest Verified:
Signature Verified:
Attestations Verified:
Last Verified:
Method: automated
View Verification Log
Verification results are derived and informational. Always perform independent verification using the signatures and digests above.
← All Releases JSON Spec