fix: allow non-interactive package publish with signing key

site/src/content/docs/commands/zarf_package_create.md

@@ -34,8 +34,8 @@ zarf package create [ DIRECTORY ] [flags]
   -s, --sbom                               View SBOM contents after creating the package
       --sbom-out string                    Specify an output directory for the SBOMs from the created Zarf package
       --set stringToString                 Specify package variables to set on the command line (KEY=value) (default [])
-      --signing-key string                 Path to private key file for signing packages
-      --signing-key-pass string            Password to the private key file used for signing packages
+      --signing-key string                 Private key for signing packages. Accepts either a local file path or a Cosign-supported key provider
+      --signing-key-pass string            Password to the private key used for signing packages
       --skip-sbom                          Skip generating SBOM for this package
 ```
 

site/src/content/docs/commands/zarf_package_publish.md

@@ -29,9 +29,10 @@ $ zarf package publish ./path/to/dir oci://my-registry.com/my-namespace
 ### Options
 
 ```
+      --confirm                     Confirms package publish without prompting. Skips prompt for the signing key password
   -h, --help                        help for publish
-      --signing-key string          Path to a private key file for signing or re-signing packages with a new key
-      --signing-key-pass string     Password to the private key file used for publishing packages
+      --signing-key string          Private key for signing or re-signing packages with a new key. Accepts either a local file path or a Cosign-supported key provider
+      --signing-key-pass string     Password to the private key used for publishing packages
       --skip-signature-validation   Skip validating the signature of the Zarf package
 ```
 

src/cmd/package.go

@@ -549,6 +549,7 @@ func NewPackagePublishCommand(v *viper.Viper) *cobra.Command {
 	cmd.Flags().StringVar(&pkgConfig.PublishOpts.SigningKeyPath, "signing-key", v.GetString(common.VPkgPublishSigningKey), lang.CmdPackagePublishFlagSigningKey)
 	cmd.Flags().StringVar(&pkgConfig.PublishOpts.SigningKeyPassword, "signing-key-pass", v.GetString(common.VPkgPublishSigningKeyPassword), lang.CmdPackagePublishFlagSigningKeyPassword)
 	cmd.Flags().BoolVar(&pkgConfig.PkgOpts.SkipSignatureValidation, "skip-signature-validation", false, lang.CmdPackageFlagSkipSignatureValidation)
+	cmd.Flags().BoolVar(&config.CommonOptions.Confirm, "confirm", false, lang.CmdPackagePublishFlagConfirm)
 
 	return cmd
 }

src/config/lang/english.go

@@ -259,8 +259,8 @@ $ zarf package mirror-resources <your-package.tar.zst> \
 	CmdPackageCreateFlagSbomOut               = "Specify an output directory for the SBOMs from the created Zarf package"
 	CmdPackageCreateFlagSkipSbom              = "Skip generating SBOM for this package"
 	CmdPackageCreateFlagMaxPackageSize        = "Specify the maximum size of the package in megabytes, packages larger than this will be split into multiple parts to be loaded onto smaller media (i.e. DVDs). Use 0 to disable splitting."
-	CmdPackageCreateFlagSigningKey            = "Path to private key file for signing packages"
-	CmdPackageCreateFlagSigningKeyPassword    = "Password to the private key file used for signing packages"
+	CmdPackageCreateFlagSigningKey            = "Private key for signing packages. Accepts either a local file path or a Cosign-supported key provider"
+	CmdPackageCreateFlagSigningKeyPassword    = "Password to the private key used for signing packages"
 	CmdPackageCreateFlagDeprecatedKey         = "[Deprecated] Path to private key file for signing packages (use --signing-key instead)"
 	CmdPackageCreateFlagDeprecatedKeyPassword = "[Deprecated] Password to the private key file used for signing packages (use --signing-key-pass instead)"
 	CmdPackageCreateFlagDifferential          = "[beta] Build a package that only contains the differential changes from local resources and differing remote resources from the specified previously built package"
@@ -298,8 +298,9 @@ $ zarf package publish my-package.tar oci://my-registry.com/my-namespace
 # Publish a skeleton package to a remote registry
 $ zarf package publish ./path/to/dir oci://my-registry.com/my-namespace
 `
-	CmdPackagePublishFlagSigningKey         = "Path to a private key file for signing or re-signing packages with a new key"
-	CmdPackagePublishFlagSigningKeyPassword = "Password to the private key file used for publishing packages"
+	CmdPackagePublishFlagSigningKey         = "Private key for signing or re-signing packages with a new key. Accepts either a local file path or a Cosign-supported key provider"
+	CmdPackagePublishFlagSigningKeyPassword = "Password to the private key used for publishing packages"
+	CmdPackagePublishFlagConfirm            = "Confirms package publish without prompting. Skips prompt for the signing key password"
 
 	CmdPackagePullShort   = "Pulls a Zarf package from a remote registry and save to the local file system"
 	CmdPackagePullExample = `