Hayden B

Results: 827 comments by Hayden B

I should probably delete that section, I would not recommend using the TUF client directly. Instead I'd recommend the Sigstore TUF client linked above, as it handles both the TUF...

Exactly! And `RekorLogs` for the transparency log keys.

cc @hayleycd Also cc @mihaimaruseac, who could help with some model signing docs

@mihaimaruseac What we've done with the clients is not to require documentation live in this repo, but to have a brief outline of the purpose of the client, a quickstart...

Not as straightforward - OpenAPI 3.0 allows a per-content-type schema, but not 2.0 which is what we're using - https://swagger.io/docs/specification/describing-responses/

I think you're hitting two issues. `not verified by identity provider` is because the token you've provided contains an email but not an `email_verified` claim. The other issue is that...

Actually I think this is straightforward to add assuming the URIs are standard. We can add Vault instances as "meta issuers", meaning we just use `*` in place of any...

As I mentioned over Slack, I haven't been able to find documentation that that regex is standard for a Vault deployment - if you have any references, that would be...

Hey @wata727, sorry for the delay, I will reply to this next week! I do have lots of thoughts on this and really appreciate you taking a look!

One other previous attempt: https://github.com/sigstore/cosign/pull/3138