RocketChat · jcbrtl · Feb 27, 2026 · Feb 27, 2026
diff --git a/README.md b/README.md
@@ -3,12 +3,28 @@
 This repository contains a collection of **Zarf packages** designed to deploy and manage a complete Rocket.Chat ecosystem in air-gapped or restricted environments.
 Zarf is an open-source tool designed to simplify the delivery of software into air-gapped, secure, or highly regulated environments by bundling all necessary dependencies into [packages](https://docs.zarf.dev/ref/packages/).
 
+## Verifying packages
+
+Write our public key to a file (`rc-zarf.pub`):
+```
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGRlNyEmY/vgPSXrlPvOZbp1xeCPg
+6M7EC9Ojs5IT5QD0n3+XCexASrnRLQ2NWJscOKBhVoybjeSpSY/sAImuDQ==
+-----END PUBLIC KEY-----
+```
+
+Then:
+```
+zarf package verify oci://ghcr.io/rocketchat/<package-name>:<package-version> --key rc-zarf.pub
+```
+You can also [deploy with signature verification](https://docs.zarf.dev/tutorials/5-package-signing-and-verification/#step-6-deploy-with-signature-verification).
+
 ## Deploying packages
 
 It is recommended that your Kubernetes cluster contains  at least 3 nodes with 2 vCPUs, 6 GiB memory and 100G disk each.
 For testing, you can decrease storage and mongod limits. There's a README.md in each package folder with variables and defaults.
 
-### Init the cluster
+### Requirement: init the cluster
 
 ```
 KUBECONFIG=<kubeconfig> zarf init [--storage-class longhorn] [--confirm]

diff --git a/airlock/zarf.yaml b/airlock/zarf.yaml
@@ -37,3 +37,4 @@ variables:
     description: "The admin password for workspaces cluster"
     prompt: true
     default: b4n4n4-5up3r
+
diff --git a/cert-manager/zarf.yaml b/cert-manager/zarf.yaml
@@ -56,3 +56,4 @@ variables:
     description: "Specific configuration for the cert-manager webhook"
     default: "{hostNetwork: true, securePort: 10260}"
 
+
diff --git a/launchcontrol/zarf.yaml b/launchcontrol/zarf.yaml
@@ -27,3 +27,4 @@ variables:
   - name: LAUNCHCONTROL_CLUSTER_ISSUER
     description: "A cert-manager's ClusterIssuer name to be used for TLS ingress"
     default: ca-issuer
+
diff --git a/longhorn/zarf.yaml b/longhorn/zarf.yaml
@@ -99,3 +99,4 @@ components:
                 echo "Registry already on Longhorn. No action taken."
               fi
 
+
diff --git a/mongodb-kubernetes/zarf.yaml b/mongodb-kubernetes/zarf.yaml
@@ -80,3 +80,4 @@ variables:
     description: "The cluster admin password"
     prompt: true
     default: b4n4n4-5up3r
+
diff --git a/monitoring/zarf.yaml b/monitoring/zarf.yaml
@@ -67,3 +67,4 @@ variables:
     prompt: true
     default: 30Gi
 
+
diff --git a/server-workspace/zarf.yaml b/server-workspace/zarf.yaml
@@ -81,3 +81,4 @@ variables:
   - name: WORKSPACE_LICENSE
     description: "Workspace license"
     default: ""
+
Original file line number	Diff line number	Diff line change
Expand Up		@@ -37,3 +37,4 @@ variables:
		description: "The admin password for workspaces cluster"
		prompt: true
		default: b4n4n4-5up3r
Original file line number	Diff line number	Diff line change
Expand Up		@@ -56,3 +56,4 @@ variables:
		description: "Specific configuration for the cert-manager webhook"
		default: "{hostNetwork: true, securePort: 10260}"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -27,3 +27,4 @@ variables:
		- name: LAUNCHCONTROL_CLUSTER_ISSUER
		description: "A cert-manager's ClusterIssuer name to be used for TLS ingress"
		default: ca-issuer
Original file line number	Diff line number	Diff line change
Expand Up		@@ -99,3 +99,4 @@ components:
		echo "Registry already on Longhorn. No action taken."
		fi
Original file line number	Diff line number	Diff line change
Expand Up		@@ -80,3 +80,4 @@ variables:
		description: "The cluster admin password"
		prompt: true
		default: b4n4n4-5up3r
Original file line number	Diff line number	Diff line change
Expand Up		@@ -67,3 +67,4 @@ variables:
		prompt: true
		default: 30Gi
Original file line number	Diff line number	Diff line change
Expand Up		@@ -81,3 +81,4 @@ variables:
		- name: WORKSPACE_LICENSE
		description: "Workspace license"
		default: ""