Sign InTry Free

tiup mirror sign

The tiup mirror sign command is used to sign the metadata files (*.json)defined in TiUP mirror. These metadata files might be stored on the local file system or remotely stored using the HTTP protocol to provide a signature entry.


tiup mirror sign <manifest-file> [flags]

<manifest-file> is the address of the file to be signed, which has two forms:

  • Network address, which starts with HTTP or HTTPS, such as
  • Local file path, which is a relative path or an absolute path

If it is a network address, this address must provide the following features:

  • Supports the access via http get that returns the complete content of the signed file (including the signatures field).
  • Supports the access via http post. The client adds the signature to the signatures field of the content that is returned by http get and posts to this network address.


-k, --key

  • Specifies the location of the private key used for signing the {component}.json file.
  • Data type: STRING
    • If this option is not specified in the command, "${TIUP_HOME}/keys/private.json" is used by default.


  • Specifies the access timeout time for signing through the network. The unit is in seconds.
  • Data type: INT
  • Default: 10


  • If the command is executed successfully, there is no output.
  • If the file has been signed by the specified key, TiUP reports the error Error: this manifest file has already been signed by specified key.
  • If the file is not a valid manifest, TiUP reports the error Error: unmarshal manifest: %s.

<< Back to the previous page - TiUP Mirror command list

Download PDF
One-stop & interactive experience of TiDB's capabilities WITHOUT registration.
TiDB Dedicated
TiDB Serverless
Get Demo
Get Started
© 2024 PingCAP. All Rights Reserved.
Privacy Policy.