add verified commits docs page (#283)

* add verified commits docs page * Update cloud/features/verified-commits.mdx Co-authored-by: Mark Phelps <[email protected]> * chore: titlecase Signed-off-by: Mark Phelps <[email protected]> * chore: finalize docs Signed-off-by: Mark Phelps <[email protected]> --------- Signed-off-by: Mark Phelps <[email protected]> Co-authored-by: Mark Phelps <[email protected]>
flipt-io · Oct 22, 2024 · 27f5e91 · 27f5e91
1 parent 807f4ab
commit 27f5e91
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 29 deletions.
diff --git a/cloud/features/verified-commits.mdx b/cloud/features/verified-commits.mdx
@@ -0,0 +1,42 @@
+---
+title: Verified Commits
+description: Learn about verifying Git commits with Flipt Cloud
+mode: "wide"
+---
+
+Verify Flipt's commits to your GitHub repository with SSH signing keys. This ensures that commits are authentic and have not been tampered with. You can be confident that the commits you see in your repository are indeed from Flipt.
+
+You can learn more about GitHub's commit verification in the [GitHub documentation](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification).
+
+![Signed Commits](/images/cloud/features/verified-commits/commits.png)
+
+<Info>
+  Verified Commits are only available on our Team plan and above. See our
+  [pricing page](https://www.flipt.io/pricing) for more information.
+</Info>
+
+## Creating a Signing Key
+
+![Signed Commits](/images/cloud/features/verified-commits/generate-key.png)
+
+To verify commits with Flipt Cloud, we'll need to create a
+signing key, as Flipt needs to be able to sign the commits it
+creates itself.
+
+To do this, head to your user settings in Flipt Cloud, and click 'Generate Key'.
+
+![Signed Commits](/images/cloud/features/verified-commits/signing-key.png)
+
+## Adding Your Key to GitHub
+
+Head to your [key settings](https://github.com/settings/keys) in GitHub, and add it
+as an SSH **Signing Key**.
+
+It's important that it should be a signing key, rather than an authentication
+key, as we don't want this key to be able to push to your repositories, just to
+verify commits.
+
+## How We Store Your Key
+
+Flipt uses [AWS Key Management Service (KMS)](https://aws.amazon.com/kms/) to generate and store your signing key. This means we don't
+ever have access to the private key, and instead ask the KMS API to sign commits using your key.
diff --git a/images/cloud/features/verified-commits/commits.png b/images/cloud/features/verified-commits/commits.png
diff --git a/images/cloud/features/verified-commits/generate-key.png b/images/cloud/features/verified-commits/generate-key.png
diff --git a/images/cloud/features/verified-commits/signing-key.png b/images/cloud/features/verified-commits/signing-key.png
diff --git a/mint.json b/mint.json
@@ -82,10 +82,7 @@
   "navigation": [
     {
       "group": "Overview",
-      "pages": [
-        "introduction",
-        "concepts"
-      ]
+      "pages": ["introduction", "concepts"]
     },
     {
       "group": "Use Cases",
@@ -110,10 +107,7 @@
         "integration/overview",
         {
           "group": "Server-Side SDKs",
-          "pages": [
-            "integration/server/rest",
-            "integration/server/grpc"
-          ]
+          "pages": ["integration/server/rest", "integration/server/grpc"]
         },
         "integration/client",
         "integration/openfeature",
@@ -126,7 +120,7 @@
         {
           "group": "User Guides",
           "pages": [
-            "guides/user/get-going-with-gitops", 
+            "guides/user/get-going-with-gitops",
             "guides/user/using-references"
           ]
         },
@@ -150,9 +144,7 @@
             },
             {
               "group": "Authorization",
-              "pages": [
-                "guides/operation/authorization/rbac-with-keycloak"
-              ]
+              "pages": ["guides/operation/authorization/rbac-with-keycloak"]
             }
           ]
         },
@@ -192,17 +184,14 @@
         "cli/overview",
         {
           "group": "Commands",
-          "pages":[
+          "pages": [
             {
               "group": "config",
-              "pages":[
-                "cli/commands/config/init",
-                "cli/commands/config/edit"
-              ]
+              "pages": ["cli/commands/config/init", "cli/commands/config/edit"]
             },
             {
               "group": "bundle",
-              "pages":[
+              "pages": [
                 "cli/commands/bundle/build",
                 "cli/commands/bundle/list",
                 "cli/commands/bundle/pull",
@@ -229,9 +218,7 @@
     },
     {
       "group": "Authorization",
-      "pages": [
-        "authorization/overview"
-      ]
+      "pages": ["authorization/overview"]
     },
     {
       "group": "Operations",
@@ -245,11 +232,9 @@
     },
     {
       "group": "Tooling",
-      "pages": [
-        "tooling/github-actions"
-      ]
+      "pages": ["tooling/github-actions"]
     },
-    
+
     {
       "group": "Overview",
       "pages": [
@@ -266,7 +251,8 @@
         "cloud/features/git-backed-storage",
         "cloud/features/approval-workflows",
         "cloud/features/rbac",
-        "cloud/features/user-management"
+        "cloud/features/user-management",
+        "cloud/features/verified-commits"
       ]
     },
     {
@@ -293,7 +279,7 @@
       ]
     },
     {
-      "group": "Evaluation", 
+      "group": "Evaluation",
       "pages": [
         "reference/evaluation/boolean-evaluation",
         "reference/evaluation/variant-evaluation",
@@ -399,12 +385,12 @@
       "source": "/integration/rest",
       "destination": "/integration/server/rest"
     },
-    { 
+    {
       "source": "/integration/grpc",
       "destination": "/integration/server/grpc"
     },
     {
-      "source":"/guides/get-going-with-gitops",
+      "source": "/guides/get-going-with-gitops",
       "destination": "/guides/user/get-going-with-gitops"
     },
     {