tresor-verify CLI

Cross-platform CLI for one-shot attestation and receipt verification — ideal for CI smoke tests and audits.

tresor-verify is the Go CLI that wraps the same verifier logic as the tresor-attest SDKs but runs as a one-shot command. It is the right tool when you don't want to take on a runtime dependency — for example in CI pipelines, ad-hoc audits, or non-supported language stacks.

Install

go install github.com/tresorhq/zero/receipts/cmd/tresor-verify@latest

A pre-built binary release is also published on the releases page.

Verify the attestation

Confirm the API endpoint is the audited Tresor router running inside an AMD SEV-SNP enclave:

tresor-verify attest \
    --url https://api.tresor.co \
    --release-root ./release-root.pub
PASS
TLS SPKI SHA-256:      9b8c…
SNP MEASUREMENT:       0e3b…
Workload identity tag: a1b2…
Trust bundle version:  17 (valid until 2026-05-01T00:00:00Z)

Add --json for machine-readable output, e.g. to compare against a previously recorded pin in CI.

Flag            Purpose
--url           Endpoint to verify (default: https://api.tresor.co).
--release-root  Path to the release-root public key (PEM or raw 32-byte Ed25519).
--json          Emit a structured JSON result.
--max-age       Override the envelope cache TTL.

The exit code is non-zero on any verification failure, so the command composes naturally with shell scripts and with CI steps that gate on exit status.
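A CI gate that combines the exit-code check with a pin comparison, as an added example (not part of the tresor-verify project). It parses the human-readable "Label: value" lines shown above because this page does not list the --json field names; the function names, the TRESOR_URL and RELEASE_ROOT variables, and the pin-file path are hypothetical.

```shell
#!/bin/sh
# Added example: fail a CI step unless attestation verifies AND the SNP
# measurement still equals a previously recorded pin.
# Assumption: output keeps the "Label:   value" layout shown on this page.

# Run the verifier with the flags documented above.
run_attest() {
    tresor-verify attest \
        --url "${TRESOR_URL:-https://api.tresor.co}" \
        --release-root "${RELEASE_ROOT:-./release-root.pub}"
}

# Read verifier output on stdin and print the value of the line that starts
# with "<label>:". Only the first colon is treated as the separator, so
# values that contain colons (timestamps) survive intact.
field() {
    awk -v label="$1" '
        index($0, label ":") == 1 {
            v = substr($0, length(label) + 2)
            sub(/^[ \t]+/, "", v)
            print v
            exit
        }'
}

# $1 = file holding the pinned measurement on one line (hypothetical path).
# Returns 0 on match, 1 on verification failure or drift, 2 on a bad pin file.
attest_gate() {
    pin=$(tr -d ' \t\r\n' < "$1") || return 2
    [ -n "$pin" ] || { echo "empty pin file: $1" >&2; return 2; }

    # A non-zero exit means verification failed; never compare pins after that.
    out=$(run_attest) || { echo "attestation verification failed" >&2; return 1; }

    got=$(printf '%s\n' "$out" | field "SNP MEASUREMENT")
    [ -n "$got" ] || { echo "no SNP MEASUREMENT line in output" >&2; return 1; }

    if [ "$got" != "$pin" ]; then
        echo "measurement drift: pinned=$pin got=$got" >&2
        return 1
    fi
    echo "attestation OK, measurement matches pin"
}

# In a CI step (hypothetical file names):
#   . ./attest-gate.sh && attest_gate pins/snp-measurement.txt
```

A drift failure means the enclave measurement differs from the recorded pin even though verification passed, so review the change and update the pin file deliberately rather than automatically.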

Verify a receipt

Pipe the authenticated receipt response directly into the CLI:

curl -s https://api.tresor.co/v1/receipts/7c9e6679-7425-40de-944b-e07fc1f90ae7 \
    -H "Authorization: Bearer $TRESOR_API_KEY" \
    | tresor-verify receipt \
            --jwks-url https://api.tresor.co/.well-known/jwks.json \
            -
PASS
Receipt type:  message
Key ID:        router-receipt-1

If you prefer a file-based flow, save the API response first and verify it later:

curl -s https://api.tresor.co/v1/receipts/7c9e6679-7425-40de-944b-e07fc1f90ae7 \
    -H "Authorization: Bearer $TRESOR_API_KEY" \
    > receipt.json

tresor-verify receipt \
        --jwks-url https://api.tresor.co/.well-known/jwks.json \
        receipt.json

tresor-verify receipt accepts the full API response shape ({ id, receipt }), the canonical { jws, payload? } envelope, or a bare compact JWS string.
