Code Snippets

Practical examples of using Trusted Signatures CLI and API in real-world scenarios.

CLI Examples

Basic Signing

1
2
3
4
5
6
7

#!/bin/bash
export TS_API_KEY_ID="your_api_key_id"
export TS_API_KEY="your_api_key"

sign-pdf \
  --input document.pdf \
  --output signed-document.pdf

Batch Processing

1
2
3
4
5
6
7
8
9

#!/bin/bash
for pdf in input/*.pdf; do
  filename=$(basename "$pdf" .pdf)
  sign-pdf \
    --input "$pdf" \
    --output "signed/${filename}-signed.pdf" \
    --ltv \
    --limit-changes allow-forms
done

Invoice Workflow

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

#!/bin/bash
# Generate and sign invoice
wkhtmltopdf invoice-template.html temp-invoice.pdf

sign-pdf \
  --input temp-invoice.pdf \
  --output "invoices/invoice-$(date +%Y%m%d-%H%M%S).pdf" \
  --ltv \
  --limit-changes no-changes

rm temp-invoice.pdf

CI/CD Pipeline

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

#!/bin/bash
set -e

python generate_report.py --output temp-report.pdf

sign-pdf \
  --input temp-report.pdf \
  --output "reports/$(date +%Y-%m-%d)-compliance-report.pdf" \
  --ltv \
  --limit-changes allow-comments

aws s3 cp "reports/$(date +%Y-%m-%d)-compliance-report.pdf" \
  s3://company-reports/signed/

Docker Integration

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

# Dockerfile
FROM alpine:latest
RUN apk add --no-cache curl
RUN curl -LO https://trusted-signatures.com/downloads/sign-pdf-v1.2.3-linux-amd64.tar.gz
RUN tar -xzf sign-pdf-v1.2.3-linux-amd64.tar.gz && mv sign-pdf /usr/local/bin/

# Usage
docker run -v $(pwd)/pdfs:/pdfs \
  -e TS_API_KEY_ID="your_api_key_id" \
  -e TS_API_KEY="your_api_key" \
  pdf-signer \
  --input /pdfs/document.pdf \
  --output /pdfs/signed-document.pdf \
  --ltv

Pipeline Integration

1
2
3
4
5
6
7
8
9

#!/bin/bash
export TS_API_KEY_ID="your_api_key_id"
export TS_API_KEY="your_api_key"

# Sign PDF using stdin/stdout pipes
cat input.pdf | sign-pdf --ltv > signed-output.pdf

# Or in a pipeline with other tools
wkhtmltopdf report.html - | sign-pdf --limit-changes no-changes > sealed-report.pdf

Cloud Connector Examples

Azure Cloud Connector

Deploy the Azure Function, publish it, and test the seal-pdf endpoint from your own Azure environment.

Download: cloud_connector_azure.sh

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

#!/bin/bash
az deployment group create \
  --resource-group ts-gateway-rg \
  --template-file deploy/main.bicep \
  --parameters \
    saName=tsgatewaystorage123 \
    functionAppName=ts-gateway-func \
    location=eastus

func azure functionapp publish ts-gateway-func

curl -X POST https://ts-gateway-func.azurewebsites.net/api/seal-pdf \
  -F "pdf=@document.pdf" \
  -F "apiKey=$TS_API_KEY" \
  -F "apiKeyId=$TS_API_KEY_ID" \
  -F "includeLtv=true" \
  -F "limitChanges=no-changes" \
  --output sealed-document.pdf

AWS Cloud Connector

Upload the PDF to S3, invoke the Lambda-based connector, and pull the sealed PDF from the destination bucket.

Download: cloud_connector_aws.sh

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

#!/bin/bash
aws s3 cp document.pdf s3://your-source-bucket/uploads/document.pdf

cat > seal-event.json <<'EOF'
{
  "httpMethod": "POST",
  "path": "/seal",
  "body": "{\"sourceBucket\":\"your-source-bucket\",\"sourceKey\":\"uploads/document.pdf\",\"destinationBucket\":\"your-destination-bucket\",\"destinationKey\":\"sealed/sealed-document.pdf\",\"apiKey\":\"your-hex-api-key\",\"apiKeyId\":\"your-key-id\",\"tsaTimestamp\":true,\"includeLtv\":true,\"limitChanges\":\"no-changes\"}"
}
EOF

aws lambda invoke \
  --function-name pdf-sealer-gateway \
  --payload fileb://seal-event.json \
  response.json

aws s3 cp s3://your-destination-bucket/sealed/sealed-document.pdf sealed-document.pdf

GCP Cloud Connector

Deploy the Cloud Function with gcloud, then call the sealed-PDF endpoint with an identity token.

Download: cloud_connector_gcp.sh

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

#!/bin/bash
gcloud functions deploy pdf-sealer-gateway \
  --gen2 \
  --runtime=nodejs22 \
  --region=us-central1 \
  --source=. \
  --entry-point=seal \
  --trigger-http

TOKEN=$(gcloud auth print-identity-token)

curl -X POST https://REGION-PROJECT_ID.cloudfunctions.net/pdf-sealer-gateway/seal \
  -H "Authorization: Bearer $TOKEN" \
  -F "pdf=@document.pdf" \
  -F "apiKey=$TS_API_KEY" \
  -F "apiKeyId=$TS_API_KEY_ID" \
  --output sealed-document.pdf

Kubernetes / Container Gateway

Run the container locally or in-cluster and call the /seal endpoint over HTTP.

Download: cloud_connector_k8s.sh

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

#!/bin/bash
docker pull trustedsignatures/container-gateway:latest
docker run -d --name pdf-sealer -p 8080:8080 trustedsignatures/container-gateway:latest

curl http://localhost:8080/health

curl -X POST http://localhost:8080/seal \
  -H "Content-Type: application/json" \
  -d '{
    "pdfBuffer": "'"$(base64 < document.pdf | tr -d '\n')"'",
    "apiKey": "'"$TS_API_KEY"'",
    "apiKeyId": "'"$TS_API_KEY_ID"'",
    "tsaTimestamp": true,
    "includeLtv": true,
    "limitChanges": "no-changes"
  }' \
  --output sealed-response.json

Common Patterns

  • Invoices: Use --limit-changes no-changes for tamper-proof documents
  • Forms: Use --limit-changes allow-forms for fillable PDFs
  • Reports: Use --ltv for long-term verification
  • Batch: Loop through directories for bulk processing
  • Cloud connectors: Keep runtime, storage, and orchestration inside your own Azure, AWS, GCP, or Kubernetes environment