Adding security.txt to Jekyll on GitLab Pages
I thought I’d share how I added a signed security.txt to my static Jekyll website running on GitLab Pages in case it’s helpful for anyone else.
Create path and file
The first thing you need to do is create the folder .well-known in the Jekyll root directory. Then, create the security.txt file in it. My file contains the following information:
- Contact (required)
- Expires (required)
- Encryption (optional)
- Preferred-Languages (optional)
- Canonical (optional)
Digital signature
I’ve got a few GPG keys on the system, so I’ve picked the right one using the --local-user parameter. And with the --clearsign option, the signature goes straight into the file.
gpg --local-user $fingerprint --clearsign security.txt
Now, just rename the signed file and verify it with GPG.
mv security.txt.asc security.txt
cat security.txt
gpg --verify security.txt
If the check is positive, you’ll see Good signature from... in the output.
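Signature aside, it is worth checking that the file itself follows the security.txt field rules (RFC 9116) before publishing it. The following checker is an added example and not part of the post: it strips the clearsign framing that gpg --clearsign adds, then verifies that Contact and Expires are present, that Expires is an ISO 8601 timestamp in the future and appears only once, and that the URI fields use the expected schemes. The sample file, addresses and URLs in it are constructed.

```python
"""Check a (clearsigned) security.txt against the RFC 9116 field rules.

Added example, not the post's own code; the sample below is constructed.
"""
import re
from datetime import datetime, timezone
from typing import Optional

REQUIRED = ("Contact", "Expires")
URI_SCHEMES = {  # allowed URI schemes per field (RFC 9116)
    "Contact": r"^(https://|mailto:|tel:)",
    "Encryption": r"^(https://|dns:|openpgp4fpr:)",
    "Canonical": r"^https://",
}

def strip_clearsign(text):
    """Return the signed body of a gpg clearsigned file (or the text unchanged)."""
    if not text.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
        return text
    body = text.split("-----BEGIN PGP SIGNATURE-----", 1)[0]
    lines = body.splitlines()[1:]        # drop the BEGIN line
    while lines and lines[0].strip():    # drop "Hash: ..." header lines
        lines.pop(0)
    # lines[0] is the blank separator; undo the "- " dash-escaping gpg applies
    return "\n".join(l[2:] if l.startswith("- ") else l for l in lines[1:])

def parse_fields(text):
    """Return (name, value) pairs, skipping blank and comment lines."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            fields.append((name.strip(), value.strip()))
    return fields

def check_security_txt(text, now: Optional[datetime] = None):
    """Return a list of problems; an empty list means the file looks fine."""
    now = now or datetime.now(timezone.utc)
    fields = parse_fields(strip_clearsign(text))
    names = [n for n, _ in fields]
    problems = [f"missing required field {r}" for r in REQUIRED if r not in names]
    if names.count("Expires") > 1:
        problems.append("Expires must appear exactly once")
    for name, value in fields:
        if name == "Expires":
            try:
                if datetime.fromisoformat(value.replace("Z", "+00:00")) <= now:
                    problems.append(f"Expires {value} is in the past")
            except ValueError:
                problems.append(f"Expires {value} is not ISO 8601")
        elif name in URI_SCHEMES and not re.match(URI_SCHEMES[name], value):
            problems.append(f"{name} has an unexpected URI scheme: {value}")
    return problems

SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@example.org
Expires: 2099-01-01T00:00:00Z
Encryption: https://example.org/pgp-key.txt
Preferred-Languages: en, de
Canonical: https://example.org/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----
(signature block omitted in this constructed sample)
-----END PGP SIGNATURE-----
"""
```

Run it on the real file with `check_security_txt(open(".well-known/security.txt").read())`; an expired Expires value is the problem that most often goes unnoticed on a static site.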
Jekyll Config
In Jekyll, the folder must be listed under the include key of the _config.yml configuration file, otherwise dot-folders are not copied to the site output:
include:
- .well-known
Local Test
With jekyll serve the site is served locally, so you can check that the file is served correctly. I run the following command:
bundle exec jekyll serve --host=127.0.0.1 -P 4000 --drafts --future
I’ve set up an alias with jekyll-serve in my .zshrc to make things a bit simpler.
The file will now be displayed via https://127.0.0.1:4000/.well-known/security.txt.
GitLab Pages
At last, you can push the changes to the GitLab remote repository and then just wait until the pipeline has run through. You should now be able to access the security.txt file as intended, for me via https://m0x2a.dreamymatrix.com/.well-known/security.txt.