
cimon-attest: Support for signing with Azure Key Vault stored key

Open gerritlansing opened this issue 2 years ago • 1 comments

We use Azure Key Vault (HSM-backed) to store our signing keys. Would you be able to support signing provenance with Azure Key Vault backed keys?

gerritlansing, Sep 29 '23 11:09

@gerritlansing, apologies for the delay. Thanks for raising the request!

We currently support keys given as input parameters in popular formats (RSA/EC) through PEM format, and we plan to extend the support to keys stored in cloud KMS, including Azure Key Vault. We don't have a specific timeline at the moment.

As a workaround, it is possible to fetch a short-lived signature key beforehand, through Azure CLI, such as `az keyvault ...`, and give the key as an input to the `cimon-action` action.

Let me know if it works for you, and I would love to hear additional feedback you have for the cimon attest capability!

alex-ilgayev, Oct 25 '23 11:10