improved the error message for failed package signing (#6948)

Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
2026-05-28 04:35:48 -04:00 · 2019-12-06 09:14:39 -07:00 · 2019-12-06 09:14:39 -07:00 · 0e42a77ae6
commit 0e42a77ae6
parent 36a8001e2a
2 changed files with 10 additions and 2 deletions
--- a/cmd/helm/package.go
+++ b/cmd/helm/package.go
@ -37,6 +37,14 @@ is given, this will look at that path for a chart (which must contain a
 Chart.yaml file) and then package that directory.

 Versioned chart archives are used by Helm package repositories.
+
+To sign a chart, use the '--sign' flag. In most cases, you should also
+provide '--keyring path/to/secret/keys' and '--key keyname'.
+
+  $ helm package --sign ./mychart --key mykey --keyring ~/.gnupg/secring.gpg
+
+If '--keyring' is not specified, Helm usually defaults to the public keyring
+unless your environment is otherwise configured.
 `

 func newPackageCmd(out io.Writer) *cobra.Command {
--- a/pkg/provenance/sign.go
+++ b/pkg/provenance/sign.go
@ -169,7 +169,7 @@ func (s *Signatory) DecryptKey(fn PassphraseFetcher) error {
 	if s.Entity == nil {
 		return errors.New("private key not found")
 	} else if s.Entity.PrivateKey == nil {
-		return errors.New("provided key is not a private key")
+		return errors.New("provided key is not a private key. Try providing a keyring with secret keys")
 	}

 	// Nothing else to do if key is not encrypted.
@ -203,7 +203,7 @@ func (s *Signatory) ClearSign(chartpath string) (string, error) {
 	if s.Entity == nil {
 		return "", errors.New("private key not found")
 	} else if s.Entity.PrivateKey == nil {
-		return "", errors.New("provided key is not a private key")
+		return "", errors.New("provided key is not a private key. Try providing a keyring with secret keys")
 	}

 	if fi, err := os.Stat(chartpath); err != nil {