@manzil-infinity180
Last active November 13, 2025 19:17
Archivista is a graph and storage service for in-toto attestations.

Archivista CLI

  1. How to store an in-toto attestation in Archivista
// Stores an attestation on the Archivista server

$ archivistactl store <attestation.json>
$ archivistactl store build.attestation.json

build.attestation.json stored with gitoid 4462a729251af54c7699dbca2f7d5bf5759a5fc6273b3cd606da29d531387c86
  2. How to search for attestations in Archivista
// Searches the archivista instance for an envelope with a specified subject digest.
// Optionally a collection name can be provided to further constrain results.

$ archivistactl search <algo:digest>
$ archivistactl search sha256:423da4cff198bbffbe3220ed9510d32ba96698e4b1f654552521d1f541abb6dc

Gitoid: 4462a729251af54c7699dbca2f7d5bf5759a5fc6273b3cd606da29d531387c86
Collection name: build
Attestations: https://witness.dev/attestations/git/v0.1, https://witness.dev/attestations/environment/v0.1, https://witness.dev/attestations/command-run/v0.1, https://witness.dev/attestations/product/v0.1, https://witness.dev/attestations/material/v0.1
  3. How to retrieve attestations from Archivista
  • Using subjects
// Retrieves all subjects on an in-toto statement by the envelope gitoid

$ archivistactl retrieve subjects <gitoid>
$ archivistactl retrieve subjects 4462a729251af54c7699dbca2f7d5bf5759a5fc6273b3cd606da29d531387c86

Name: https://witness.dev/attestations/git/v0.1/committeremail:mswift@mswift.dev
Digests: sha256:408404e7a66b471e5630e801c93af66fb9cb01771982ae90b6f755e104281887
Name: https://witness.dev/attestations/product/v0.1/file:testapp
Digests: gitoid:sha256:gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813, gitoid:sha1:gitoid:blob:sha1:85e3a023c97c8aadace2d8c959535abffbf4e175, sha256:423da4cff198bbffbe3220ed9510d32ba96698e4b1f654552521d1f541abb6dc
Name: https://witness.dev/attestations/git/v0.1/parenthash:aa35c1f4b1d41c87e139c2d333f09117fd0daf4f
Digests: sha256:0bc136f5509e96fc8aa290f175428d643a0e65d8e6b61586ad60e9ec983a3370
Name: https://witness.dev/attestations/git/v0.1/commithash:be20100af602c780deeef50c54f5338662ce917c
Digests: sha1:be20100af602c780deeef50c54f5338662ce917c
Name: https://witness.dev/attestations/git/v0.1/authoremail:snyk-bot@snyk.io
Digests: sha256:ee48369be6072c1a49ba519b2eef9272235b0d925a6e7a338f7ffc12a2ca538e
  • Using envelope
// Retrieves a DSSE envelope by its gitoid from Archivista

$ archivistactl retrieve envelope <gitoid>
$ archivistactl retrieve envelope 4462a729251af54c7699dbca2f7d5bf5759a5fc6273b3cd606da29d531387c86

{"payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInN1YmplY3QiOlt7Im5hbWUiOiJodHRwczovL3dpdG5lc3MuZGV2L2F0dGVzdGF0aW9ucy9wcm9kdWN0L3YwLjEvZmlsZ ...
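The envelope returned above is a DSSE wrapper whose base64 payload is the in-toto statement. The following added example (not part of the original gist or of Archivista) decodes it and checks whether a local file's digests appear among the subjects. It assumes the in-toto v0.1 subject layout (`name` plus a `digest` map keyed by the algorithm names shown in the subjects output), uses a constructed envelope, and does not verify signatures.

```python
import base64
import hashlib
import json


def decode_statement(envelope_json):
    """Return the in-toto statement carried in a DSSE envelope's payload."""
    envelope = json.loads(envelope_json)
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if not str(statement.get("_type", "")).startswith("https://in-toto.io/Statement/"):
        raise ValueError("payload is not an in-toto statement")
    return statement


def artifact_digests(data):
    """Digests of local bytes in the algorithm/value form of the subjects output."""
    blob = b"blob %d\x00" % len(data) + data  # git blob framing used by gitoid
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "gitoid:sha256": "gitoid:blob:sha256:" + hashlib.sha256(blob).hexdigest(),
        "gitoid:sha1": "gitoid:blob:sha1:" + hashlib.sha1(blob).hexdigest(),
    }


def matching_subjects(envelope_json, data):
    """Names of subjects whose comparable digests all agree with the local bytes."""
    local = artifact_digests(data)
    names = []
    for subject in decode_statement(envelope_json).get("subject", []):
        known = {a: v for a, v in subject.get("digest", {}).items() if a in local}
        if known and all(local[a] == v for a, v in known.items()):
            names.append(subject["name"])
    return names


def make_sample_envelope(data):
    """Constructed envelope (assumed subject layout); it carries no signatures."""
    product = {"name": "https://witness.dev/attestations/product/v0.1/file:testapp",
               "digest": artifact_digests(data)}
    commit = {"name": "constructed:commithash", "digest": {"sha1": "0" * 40}}
    statement = {"_type": "https://in-toto.io/Statement/v0.1", "subject": [product, commit]}
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payload": payload, "signatures": []})


if __name__ == "__main__":
    env = make_sample_envelope(b"constructed testapp bytes\n")
    print(matching_subjects(env, b"constructed testapp bytes\n"))
```

A match only shows that the statement names the artifact; whether the statement can be trusted depends on verifying the envelope's signatures, which this example does not do.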

Archivista Endpoints

  1. Get: /v1/download/{gitoid}
curl <archivista_domain>/v1/download/{gitoid}

curl localhost:8082/v1/download/4462a729251af54c7699dbca2f7d5bf5759a5fc6273b3cd606da29d531387c86

// Output
{"payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9Td...
  2. Post: /v1/query/
// Query subjects directly
curl -X POST http://localhost:8082/query \
  -H "Content-Type: application/json" \
  -d '{"query":"{ subjects { edges { node { name subjectDigests { algorithm value } } } } }"}'
  • Output
{"data":{"subjects":{"edges":[{"node":{"name":"https://witness.dev/attestations/git/v0.1/committeremail:mswift@mswift.dev","subjectDigests":[{"algorithm":"sha256","value":"408404e7a66b471e5630e801c93af66fb9cb01771982ae90b6f755e104281887"}]}},{"node":{"name":"https://witness.dev/attestations/product/v0.1/file:testapp","subjectDigests":[{"algorithm":"gitoid:sha256","value":"gitoid:blob:sha256:473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813"},{"algorithm":"gitoid:sha1","value":"gitoid:blob:sha1:85e3a023c97c8aadace2d8c959535abffbf4e175"},{"algorithm":"sha256","value":"423da4cff198bbffbe3220ed9510d32ba96698e4b1f654552521d1f541abb6dc"}]}},{"node":{"name":"https://witness.dev/attestations/git/v0.1/parenthash:aa35c1f4b1d41c87e139c2d333f09117fd0daf4f","subjectDigests":[{"algorithm":"sha256","value":"0bc136f5509e96fc8aa290f175428d643a0e65d8e6b61586ad60e9ec983a3370"}]}},{"node":{"name":"https://witness.dev/attestations/git/v0.1/commithash:be20100af602c780deeef50c54f5338662ce917c","subjectDigests":[{"algorithm":"sha1","value":"be20100af602c780deeef50c54f5338662ce917c"}]}},{"node":{"name":"https://witness.dev/attestations/git/v0.1/authoremail:snyk-bot@snyk.io","subjectDigests":[{"algorithm":"sha256","value":"ee48369be6072c1a49ba519b2eef9272235b0d925a6e7a338f7ffc12a2ca538e"}]}}]}}}
  3. Post: /v1/upload
curl -X POST http://localhost:8082/v1/upload \
  -H "Content-Type: application/json" \
  --data-binary "@k8s-att.json"

{"gitoid":"72d838472bf801f74dfdc94e4ac8c8c3511da28e0b8af577428114afcf8fcd39"}