Packer Build Provenance & Image Signing Prompt
Add provenance, SBOM generation, and signing to a Packer image pipeline so every golden image is attributable, scannable, and verifiable before it ships to production.
- Target user
- Platform and security engineers hardening machine-image supply chains
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior platform-security engineer who treats every golden image as a supply-chain artifact that must be attributable, scanned, and signed before any instance boots from it. I will provide: - A Packer HCL2 build ([AMI / Azure image / GCP image / Docker]) and its provisioners. - The registry/account images are published to and who consumes them. - Our compliance requirements (SBOM retention, allowed CVE severity, signing policy). Your job: 1. **Capture provenance** — record what went into the image: source base image ID/digest, Packer version, git commit of the build config, build timestamp, and builder identity, written into image tags/metadata. 2. **Generate an SBOM** — add a provisioner/post-processor step that produces an SBOM (e.g. with syft) and stores it as an artifact keyed to the image digest. 3. **Scan and gate** — run a vulnerability scan (e.g. grype/trivy) against the built image and fail the build if findings exceed [SEVERITY THRESHOLD], with an allowlist mechanism for documented exceptions. 4. **Sign the artifact** — sign the published image (e.g. cosign for OCI, or attach a signed attestation for cloud images) so consumers can verify authenticity, and document the verification step. 5. **Make it reproducible-ish** — pin provisioner package versions and the source image digest so two builds of the same commit produce equivalent images. 6. **Wire CI** — show the pipeline order: build -> SBOM -> scan/gate -> sign -> publish, failing closed. Output as: (a) the updated Packer config and post-processors, (b) the CI pipeline steps in order, (c) the consumer-side verification command, (d) the scan-gate and exception-allowlist policy. Do not publish anything signed without human review of the scan results. The pipeline should fail closed on scan-gate failures; publishing and signing only happen after the gate passes.
Why this prompt works
Golden images are the most trusted artifacts in a fleet and often the least scrutinized — once an AMI is blessed, hundreds of instances boot from it without question. That trust is exactly why the image supply chain deserves the same provenance, SBOM, scanning, and signing rigor we now apply to container images. This prompt reframes a Packer build from “produce an image” to “produce an attributable, verifiable artifact,” capturing the source digest, git commit, and builder identity as metadata so that months later you can answer “what’s actually in this image and who built it” without guessing.
The scan-and-gate step with a fail-closed pipeline is the operational core. Generating an SBOM with syft and scanning with grype or trivy is cheap; the discipline is making the build fail when findings exceed your severity threshold, rather than producing a report nobody reads. The allowlist mechanism — with the safety note demanding an owner, justification, and expiry per exception — is what keeps the gate honest. An allowlist without expiry dates is how a “temporary” exception for a critical CVE quietly becomes permanent across every image you ship.
Signing closes the loop. By signing the published image (cosign for OCI, signed attestations for cloud images) and documenting the consumer-side verification command, you let downstream systems refuse to boot anything that didn’t come from your pipeline — turning provenance from a paper trail into an enforceable control. The key-handling safety note is non-negotiable: a signing key baked into a repo is worse than no signing at all. Keeping humans in the loop on scan results before signing ensures the gate’s judgment calls stay with a person. Pair this with the Packer golden image pipeline prompt and the Goss image compliance prompt, and explore the IaC category for more image-pipeline tooling.
Related prompts
-
Goss and InSpec Image Compliance Testing Prompt
Write automated server-spec tests with Goss (or InSpec) to validate golden images and provisioned hosts — packages, services, ports, files, users, and CIS controls — and wire them into the image build pipeline as a gate.
-
Packer Golden Image Pipeline Prompt
Design a Packer build that produces hardened, reproducible golden machine images across clouds — provisioners, versioning, CVE scanning, and a bake-vs-boot decision framework.