Alec Evangelista

Got it, I was just under the impression both needed to be specified. Here is where I am at now: ``` osslsigncode sign -pkcs11engine /usr/lib/x86_64-linux-gnu/engines-3/cloudhsm.so -certs cert.crt -key fake_pvt.pem -n...

@ZachNo thanks for the comment, definitely made some progress here: ``` osslsigncode sign -pkcs11engine /usr/lib/x86_64-linux-gnu/engines-3/pkcs11.so -pkcs11module /opt/cloudhsm/lib/libcloudhsm_pkcs11.so -certs MY_CERT -key "pkcs11:token=hsm1;object=MY_LABEL" -readpass creds.txt -ts http://timestamp.digicert.com -i https://www.example.com/ -n "test" -h...

I see that AWS EKS is part of the list of supported OIDC providers: https://github.com/sigstore/fulcio/blob/main/config/identity/config.yaml#L108-L110, so this addresses one of my questions. Based on the doc: https://github.com/sigstore/fulcio/blob/main/docs/new-idp-requirements.md, perhaps Hashicorp Vault...

Hi @haydentherapper, Thanks for the response! Regarding the two issues you pointed out: 1. We added the `email_verified` claim but it still won’t take the token, probably due to issue...

@haydentherapper, yes that looks to be Vaults standard URI. Under the hood, what exactly is happening? From my understanding, is it: 1. A signing request is made through `cosign sign-blob...