source-controller icon indicating copy to clipboard operation
source-controller copied to clipboard

Published 20 hours ago verified publisher icon fluxcd

`HelmChart` / `OCIRepository` - KMS Support for `spec.verify`

Open mathieu-benoit opened this issue 2 years ago • 0 comments

Is it planned to add the KMS support for spec.verify for both HelmChart / OCIRepository?

Today, only storing the public key in a Secret is supported with spec.verify.secretRef.name:

  • https://fluxcd.io/flux/components/source/helmcharts/#verification
  • https://fluxcd.io/flux/components/source/ocirepositories/#verification

It would be great to add the KMS support as an alternative, see Cosign ref here: https://docs.sigstore.dev/cosign/kms_support/

mathieu-benoit avatar Mar 29 '23 11:03 mathieu-benoit