rekor

Triggers

Triggers are outbound webhooks that fire automatically when data changes in Rekor. When a record is created, updated, or deleted, Rekor sends an HTTP request to the trigger's configured URL with the change details.

How It Works

  1. Create a trigger — specify the collection, events to watch, and the destination URL.
  2. Data changes happen — agents or hooks create, update, or delete records.
  3. Rekor fires the trigger — sends a signed HTTP POST to the destination with the record data.

Creating a Trigger

rekor triggers create --workspace my-workspace \
  --name "Notify Slack on P1" \
  --collection incidents \
  --url https://hooks.slack.com/services/T00/B00/xxx \
  --events '["create","update"]'

Managing Triggers

# List all triggers
rekor triggers list --workspace my-workspace

# Get a specific trigger
rekor triggers get {trigger_id} --workspace my-workspace

# Delete a trigger
rekor triggers delete {trigger_id} --workspace my-workspace

Events

Triggers can listen for any combination of:

  • create — a new record is inserted
  • update — an existing record is modified
  • delete — a record is soft-deleted

HMAC Signatures

Every trigger request includes an X-Rekor-Signature header — an HMAC signature that the receiving system can use to verify the request came from Rekor. Each trigger has its own secret, generated automatically.

Async Dispatch

Triggers fire asynchronously — they never block the write response. Multiple triggers on the same collection fire in parallel. If a trigger's destination is unreachable, Rekor does not retry (fire-and-forget).

Preventing Loops

By default, triggers have skip_hook_writes: true. This means writes that originated from a hook won't fire triggers, preventing infinite webhook loops (hook creates record → trigger fires → external system calls hook → ...).

Environment Restrictions

Triggers can only be created or deleted in preview workspaces. To add triggers to production, create them in a preview workspace and promote. Secrets are regenerated on the production side during promotion — preview secrets are never copied.