cilock CLI reference
Source of truth:
rookery/cilock/cmd/cilock/main.goandrookery/cilock/internal/cmd/. All defaults and flag names below matchcilock 1.0.1.
cilock - Collect and verify attestations about your build environments
Cilock attestation types use the https://aflock.ai/attestations/<name>/v0.1 namespace. Witness-style URLs (https://witness.dev/attestations/<name>/v0.1) are accepted via legacy aliases for interop with witness-produced evidence.
Top-level commandsโ
| Command | Purpose |
|---|---|
cilock run [cmd] | Run a command and record signed attestations about its execution. |
cilock sign [file] | Sign an arbitrary file (typically a policy) with the configured signer. |
cilock verify | Verify attestations against a signed policy. |
cilock attestors list | List every attestor compiled into the binary. |
cilock attestors schema <name> | Print the JSON schema of a specific attestor's predicate. |
cilock policy validate | Validate a Witness/cilock policy document (schema only, no signature check). |
cilock completion <shell> | Emit shell completion script (bash, zsh, fish, powershell). |
cilock version | Print the cilock version. |
Global flagsโ
These persistent flags are accepted on every subcommand:
| Flag | Default | Notes |
|---|---|---|
--config, -c <path> | .witness.yaml | Path to a YAML config file with persisted flag values. The .witness.yaml name is a legacy from the witness lineage; not yet renamed to .cilock.yaml. |
--log-level, -l <level> | info | One of debug, info, warn, error. |
--debug-cpu-profile-file <path> | (none) | Write a CPU pprof profile to this path. Profiling enabled when non-empty. |
--debug-mem-profile-file <path> | (none) | Write a heap pprof profile to this path. Profiling enabled when non-empty. |
cilock run [cmd]โ
Runs the provided command and records attestations about the execution.
Always-run attestors (cannot be omitted): material, product, and (when args are provided) command-run. Trying to pass command-run via --attestations is rejected.
Only one signer is supported per run invocation (enforced at cilock/internal/cmd/run.go:71-73).
Common flagsโ
| Flag | Short | Default | Description |
|---|---|---|---|
--step <name> | -s | (required) | Step name; must match a step in your verification policy. |
--attestations <list> | -a | environment,git | Comma-separated list of additional attestors to enable (cobra StringSlice semantics). |
--workingdir <dir> | -d | current dir | Working directory for material/product capture. |
--outfile <path> | -o | stdout | Path for the signed DSSE envelope. |
--trace | -r | false | Enable process tracing (ptrace, Linux-only; no-op elsewhere). |
--hashes <list> | (none) | sha256 | Hash algorithms used in digests (comma-separated). |
--dirhash-glob <list> | (none) | (none) | Globs for which directories should be hashed as a single unit. |
--timestamp-servers <list> | -t | (none) | RFC 3161 TSA URLs (comma-separated; repeatable). |
--enable-archivista | (none) | false | Push the signed envelope to Archivista. |
--archivista-server <url> | (none) | https://platform.testifysec.com/archivista | Archivista server URL (derived from --platform-url if not explicitly set). |
--archivista-headers <h> | (none) | (none) | Repeatable Authorization: ... headers for Archivista. |
--archivista-oidc | (none) | false | Use GitHub Actions OIDC for Archivista auth (auto-enabled in GitHub Actions). |
--archivista-audience <aud> | (none) | Archivista server URL | OIDC audience claim. |
--platform-url <url> | (none) | https://platform.testifysec.com | TestifySec platform URL; archivista, fulcio, and TSA URLs are derived from it if unset. |
--env-filter-sensitive-vars | (none) | false | Remove sensitive env vars from output rather than obfuscating. |
--env-add-sensitive-key <key> | (none) | (none) | Add a name or glob (e.g. *TOKEN*) to the sensitive env list (repeatable). |
--env-allow-sensitive-key <key> | (none) | (none) | Whitelist a specific key from the sensitive list. |
--env-disable-default-sensitive-vars | (none) | false | Disable cilock's default sensitive-var list entirely. |
Plus the signer flags (see below) and attestor-specific flags prefixed --attestor-<name>-* (e.g. --attestor-secretscan-fail-on-detection, --attestor-product-include-glob).
Signer selectionโ
Cilock loads signers based on which --signer-*-* flags are set. Available signer providers (from the binary's plugin registration):
file:--signer-file-key-path,--signer-file-cert-path,--signer-file-intermediate-paths,--signer-file-key-passphrase,--signer-file-key-passphrase-pathfulcio:--signer-fulcio-url,--signer-fulcio-oidc-issuer,--signer-fulcio-oidc-client-id,--signer-fulcio-oidc-redirect-url,--signer-fulcio-token,--signer-fulcio-token-path,--signer-fulcio-use-http(defaulttrue)spiffe:--signer-spiffe-socket-path(must haveunix://ortcp://scheme)kmswith--signer-kms-refusing URI schemeawskms://,gcpkms://,azurekms://, orhashivault://- AWS sub-flags:
--signer-kms-aws-profile,--signer-kms-aws-credentials-file,--signer-kms-aws-config-file,--signer-kms-aws-insecure-skip-verify,--signer-kms-aws-remote-verify - GCP sub-flags:
--signer-kms-gcp-credentials-file - Azure sub-flags:
--signer-kms-azure-azure-remote-verify - Hashivault (Transit engine) sub-flags:
--signer-kms-hashivault-addr,--signer-kms-hashivault-token-file,--signer-kms-hashivault-auth-method,--signer-kms-hashivault-role,--signer-kms-hashivault-kubernetes-auth-mount-path,--signer-kms-hashivault-kubernetes-service-account-token-path,--signer-kms-hashivault-transit-secret-engine-path - Generic sub-flags:
--signer-kms-hashType(defaultsha256),--signer-kms-keyVersion
- AWS sub-flags:
vault(PKI engine):--signer-vault-url,--signer-vault-token,--signer-vault-role,--signer-vault-namespace,--signer-vault-altnames,--signer-vault-commonname,--signer-vault-pki-secrets-engine-path(defaultpki),--signer-vault-ttldebug-signer:--signer-debug-enabled(development only; ephemeral keypair)
For the full URI conventions, see signing & identity.
cilock sign [file]โ
Signs a file with the provided key source and outputs the signed file to the specified destination.
Wraps an arbitrary file in a DSSE envelope. Used most commonly to sign a policy document before distribution. Same signer-selection model as run. Only one signer per invocation.
| Flag | Short | Default | Description |
|---|---|---|---|
--infile <path> | -f | (required) | File to sign (typically the policy JSON). |
--outfile <path> | -o | stdout | Destination for the signed DSSE envelope. |
--datatype <uri> | -t | https://witness.testifysec.com/policy/v0.1 | DSSE payloadType. Default is the witness policy type for backward compatibility; cilock also accepts https://aflock.ai/policy/v0.1. |
cilock verifyโ
Verifies attestation collections against a signed policy.
| Flag | Short | Description |
|---|---|---|
--policy <path> | -p | Path to the signed DSSE policy envelope. |
--publickey <path> | -k | Path to the policy signer's public key (PEM). |
--attestations <list> | -a | Attestation envelope files (comma-separated; repeatable). |
--artifactfile <path> | -f | Path to the artifact subject to verify. |
--subjects <list> | -s | Additional subjects to use when looking up attestations (e.g. sha1:$COMMIT). More reliable than --artifactfile in multi-stage pipelines. |
--directory-path <path> | (none) | Path to a directory subject (for material/product matching). |
--enable-archivista + --archivista-server | (none) | Pull collections from Archivista by subject digest instead of (or in addition to) file paths. |
--policy-ca-roots <list> | (none) | X.509 roots for verifying a policy signed via x.509 cert (replaces the deprecated --policy-ca). |
--policy-ca-intermediates <list> | (none) | Intermediate CAs for the policy cert chain. |
--policy-commonname, --policy-dns-names, --policy-emails, --policy-organizations, --policy-uris | (none) | Cert-constraint fields when the policy is signed with x.509. |
--policy-fulcio-oidc-issuer, --policy-fulcio-build-trigger, --policy-fulcio-run-invocation-uri, --policy-fulcio-source-repository-{ref,identifier,digest} | (none) | Fulcio-specific cert-constraint fields. |
--policy-timestamp-servers <list> | (none) | Trusted TSA CA cert paths for verifying timestamped policies. |
--verifier-kms-* | (none) | Same shape as --signer-kms-*, used when the policy's public key is referenced by a KMS URI. |
Full verifier flag list is in cilock/internal/options/verify.go.
Exit code 0 on policy pass, non-zero on any verification failure or error.
cilock attestors listโ
Prints a box-drawn table of every attestor compiled into the binary:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโ�โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโ
โ NAME โ TYPE โ RUN TYPE โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโค
โ git (default) โ https://aflock.ai/attestations/git/v0.1 โ prematerial โ
โ environment (default) โ https://aflock.ai/attestations/environment/v0.1 โ prematerial โ
โ material (always run) โ https://aflock.ai/attestations/material/v0.1 โ material โ
โ command-run (always run) โ https://aflock.ai/attestations/command-run/v0.1 โ execute โ
โ product (always run) โ https://aflock.ai/attestations/product/v0.1 โ product โ
โ ... โ ... โ ... โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโ
Run types are lowercase strings: prematerial, material, execute, product, postproduct, verify.
Markers: (always run) means the attestor runs on every cilock run; (default) means it's enabled by default and you don't need to pass it via --attestations. The full catalog is in the attestor catalog.
cilock attestors schema <name>โ
Prints the JSON Schema document for the named attestor's predicate. Useful for writing Rego policies against a specific schema.
cilock policy validate <path>โ
Validates a Witness/cilock policy document for schema correctness. Does not perform signature verification.
cilock completion <shell>โ
Standard cobra completion. Supported shells: bash, zsh, fish, powershell.
cilock versionโ
Prints cilock <version>. The version string is injected at build time via -ldflags="-X 'github.com/aflock-ai/rookery/cilock/internal/cmd.Version=<version>'".
Configuration fileโ
Cilock supports a YAML config file at .witness.yaml (legacy name from the witness lineage). The schema mirrors the CLI flag names. See Configuration for the full schema and override behavior.