Snapcraft equivalent of `snap sign`

It seems that snapd does all the key handling, but snapcraft acts as a front-end for it. snap -h shows no key-related options, but snapcraft -h does. There’s a missing piece though. Let’s say I’m creating a new model assertion in order to create a custom image with ubuntu-image. From scratch (i.e. all I have is a store account) it looks like this:

  1. Create key:

    $ snapcraft create-key my-key-name
  2. Verify the status of that key:

        $ snapcraft list-keys
             Name           SHA3-384 fingerprint
        *    my-key-name    Qjdfpj0EWAW<snip>kkiZ41H4CROy  (not registered)
  3. Register that key:

    $ snapcraft register-key

Registering key …
Done. The key “my-key-name” (QjdfpH4CROy) may be used to sign your assertions.

That’s all well and good, but when it comes time to create the model assertion, that looks like this:

$ cat my-model.json | snap sign -k my-key-name > my.model
You need a passphrase to unlock the secret key for
user: "my-key-name"
4096-bit RSA key, ID 0B79B865, created 2016-01-01

All of a sudden needing to use snap sign here when the rest of the flow didn’t use snap at all is confusing. Is this an oversight? Or is the plan for snapcraft to grow a sign subcommand?


I agree, I always found it very confusing

the plan has been to have a model creator tool, and I think in the interim for somebody to write some simpler snapcraft model command, but nobody has got to that.

Given the situation exposing a snapcraft sign would be alright in my book.