rekor

rekor inbound-webhooks

Manage inbound webhook endpoints

Subcommands

rekor inbound-webhooks create

Create a new inbound webhook

  • --name <name> — Inbound webhook name
  • --secret <secret> — HMAC shared secret
  • --id <id> — Inbound webhook ID (auto-generated if omitted)
  • --collection-scope <collections> — Comma-separated collection scope
  • --field-mapping <json> — Inline mapping applied to the payload before write — a field_mapping JSON, e.g. {"to_external":{"status":"state"}} (to_external renames auto-invert on read) or {"to_rekor":{...}}/{"computed":{...}}. Mutually exclusive with --source-binding.
  • --ingest-auth <json> — Inbound auth scheme. Default (omitted) = HMAC signature. Static-header senders: {"type":"static_header","header":"X-Account-Key"} — the configured header is compared to --secret (constant-time) instead of an HMAC.

rekor inbound-webhooks get <id>

Get an inbound webhook

rekor inbound-webhooks list

List all inbound webhooks

rekor inbound-webhooks deliveries

List hydration delivery status for reference-style ("notification + fetch") webhooks

  • --status <status> — Filter by status (pending|delivered|failed|dead)
  • --inbound-webhook <id> — Filter to one inbound webhook

rekor inbound-webhooks delete <id>

Delete an inbound webhook

  • -y, --yes — Skip confirmation prompt