chore: add readme

misc/hashitalk_secure2024/nacp.conf.hcl

@@ -10,9 +10,7 @@ validator "opa" "enforce_digest" {
   }
 }
 
-
-
-
+/* //PART2
 validator "opa" "verify_image" {
 
   opa_rule {
@@ -29,3 +27,4 @@ validator "opa" "verify_image" {
     trust_policy_file = "/Users/max/Library/Application Support/notation/trustpolicy.json"
   }
 }
+*/

misc/hashitalk_secure2024/readme.md

@@ -0,0 +1,51 @@
+# HashiTalks Secure 2024
+
+This is the demo code for my HashiTalks Secure 2024 talk.
+
+## Full example
+
+Start Nomad in dev mode
+```bash
+sudo nomad agent -dev -bind=0.0.0.0
+```
+
+Start NACP
+```bash
+nacp -config nacp.conf.hcl
+```
+
+Run the registry job (port 5000 on macos requires to disable airdrop receiver otherwise it gets wired)
+```bash
+nomad run registry.nomad
+```
+
+```bash
+
+
+docker build -t localhost:5000/my-app:v1 .
+
+docker push localhost:5000/my-app:v1
+
+nomad run demo.nomad
+
+# full diget image reference
+docker inspect --format='{{index .RepoDigests 0}}' localhost:5000/my-app:v1
+
+# update demo with digest (image=...)
+nomad run demo.nomad
+
+nomad run -purge demo
+
+# generate certs
+notation cert generate-test --default "wabbit-networks.io"
+
+# update nacp config (remove part2 comment block)
+
+nomad run demo.nomad
+
+
+grype <digest>
+
+notation sign <digest>
+
+nomad run demo.nomad