Update docs with verification-failure-behavior

buildkite · Sep 6, 2024 · 6ee2eeb · 6ee2eeb
1 parent af01af2
commit 6ee2eeb
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/pages/agent/v3/signed_pipelines.md b/pages/agent/v3/signed_pipelines.md
@@ -102,6 +102,14 @@ verification-jwks-file=<path to public key set>
 
 This ensures that whenever those agents upload steps to Buildkite, they'll generate signatures using the private key you generated earlier. It also ensures that those agents verify the signatures of any steps they run, using the public key.
 
+```ini
+verification-failure-behavior=<warn>
+```
+
+This setting determines the BuildKite agent’s response when it receives a job without a proper signature. It specifies how strictly the agent should enforce signature verification for incoming jobs. The agent will warn about the missing signature but will still proceed with executing the job. If not explicitly specified, the default behavior is `block`, which will prevent any job without a signature from running, ensuring a secure pipeline environment by default.
+
+
+
 On instances that verify jobs, add:
 
 ```ini