# Quick start

# Overview

vcn is the Command Line Interface for the CodeNotary platform. Basically, it can notarize and authenticate any of the following kind of assets:

  • a file
  • an entire directory (by prefixing the directory path with dir://)
  • a git commit (by prefixing the local git working directory path with git://)
  • a container image (by using docker:// or podman:// followed by the name of an image present in the local registry of docker or podman, respectively)

It's also possible to provide a hash value directly by using the --hash flag.

# Install the CLI

The easiest way to get vcn is to download the latest version for your platform from the release page.

Once downloaded, you can rename the binary to vcn and store it in your PATH, then run it from anywhere.

For Linux and macOS you need to mark the file as executable: chmod +x vcn

# Authenticate an asset

Authentication is always free and can be performed by anyone, anywhere, at any time. You can use vcn authenticate even without a codernotary.io account.


vcn authenticate <file>
vcn authenticate dir://<directory>
vcn authenticate docker://<imageId>
vcn authenticate podman://<imageId>
vcn authenticate git://<path_to_git_repo>
vcn authenticate --hash <hash>

To output results in json or yaml formats:

vcn authenticate --output=json <asset>
vcn authenticate --output=yaml <asset>

# Notarize an asset

Register an account with codernotary.io first.

Then start with the login command. vcn will walk you through login and importing up your secret upon initial use.

vcn login

Once your secret is set you can notarize assets like in the following examples:

vcn notarize <file>
vcn notarize dir://<directory>
vcn notarize docker://<imageId>
vcn notarize podman://<imageId>
vcn notarize git://<path_to_git_repo>
vcn notarize --hash <hash>

By default all assets are notarized private, so not much information is disclosed about the asset. If you want to make that public and therefore, more trusted, please use the --public flag.

vcn notarize --public <asset>

Change the asset's status:

vcn unsupport <asset>
vcn untrust <asset>

Finally, to fetch all assets you've notarized:

vcn list