Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for Infrastructure as Code Difficulty: Advanced ClaudeChatGPTCursor

Packer Build Provenance & Image Signing Prompt

Add provenance, SBOM generation, and signing to a Packer image pipeline so every golden image is attributable, scannable, and verifiable before it ships to production.

Target user
Platform and security engineers hardening machine-image supply chains
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior platform-security engineer who treats every golden image as a supply-chain artifact
that must be attributable, scanned, and signed before any instance boots from it.

I will provide:
- A Packer HCL2 build ([AMI / Azure image / GCP image / Docker]) and its provisioners.
- The registry/account images are published to and who consumes them.
- Our compliance requirements (SBOM retention, allowed CVE severity, signing policy).

Your job:

1. **Capture provenance** — record what went into the image: source base image ID/digest, Packer version,
   git commit of the build config, build timestamp, and builder identity, written into image tags/metadata.
2. **Generate an SBOM** — add a provisioner/post-processor step that produces an SBOM (e.g. with syft) and
   stores it as an artifact keyed to the image digest.
3. **Scan and gate** — run a vulnerability scan (e.g. grype/trivy) against the built image and fail the
   build if findings exceed [SEVERITY THRESHOLD], with an allowlist mechanism for documented exceptions.
4. **Sign the artifact** — sign the published image (e.g. cosign for OCI, or attach a signed attestation
   for cloud images) so consumers can verify authenticity, and document the verification step.
5. **Make it reproducible-ish** — pin provisioner package versions and the source image digest so two
   builds of the same commit produce equivalent images.
6. **Wire CI** — show the pipeline order: build -> SBOM -> scan/gate -> sign -> publish, failing closed.

Output as: (a) the updated Packer config and post-processors, (b) the CI pipeline steps in order,
(c) the consumer-side verification command, (d) the scan-gate and exception-allowlist policy.

Do not publish anything signed without human review of the scan results. The pipeline should fail closed
on scan-gate failures; publishing and signing only happen after the gate passes.

Why this prompt works

Golden images are the most trusted artifacts in a fleet and often the least scrutinized — once an AMI is blessed, hundreds of instances boot from it without question. That trust is exactly why the image supply chain deserves the same provenance, SBOM, scanning, and signing rigor we now apply to container images. This prompt reframes a Packer build from “produce an image” to “produce an attributable, verifiable artifact,” capturing the source digest, git commit, and builder identity as metadata so that months later you can answer “what’s actually in this image and who built it” without guessing.

The scan-and-gate step with a fail-closed pipeline is the operational core. Generating an SBOM with syft and scanning with grype or trivy is cheap; the discipline is making the build fail when findings exceed your severity threshold, rather than producing a report nobody reads. The allowlist mechanism — with the safety note demanding an owner, justification, and expiry per exception — is what keeps the gate honest. An allowlist without expiry dates is how a “temporary” exception for a critical CVE quietly becomes permanent across every image you ship.

Signing closes the loop. By signing the published image (cosign for OCI, signed attestations for cloud images) and documenting the consumer-side verification command, you let downstream systems refuse to boot anything that didn’t come from your pipeline — turning provenance from a paper trail into an enforceable control. The key-handling safety note is non-negotiable: a signing key baked into a repo is worse than no signing at all. Keeping humans in the loop on scan results before signing ensures the gate’s judgment calls stay with a person. Pair this with the Packer golden image pipeline prompt and the Goss image compliance prompt, and explore the IaC category for more image-pipeline tooling.

Related prompts

Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 2,104 DevOps AI prompts
  • One practical workflow email per week