cosigned
cosigned copied to clipboard
dlorenc
Are there any plans to support the kms systems (AWS KMS etc) that cosign supports instead of having to leverage k8s secrets to store the private key?
Currently, the root CA is locked to Fulcio which users may not want to use. This should be configurable, ideally loaded from the environment.
I'm having an issue compiling cosigned using cosign 0.4 or 0.5. Changes are happening here: https://github.com/sigstore/cosign/blob/main/pkg/cosign/verify.go#L153 Those are leading to the error below in https://github.com/dlorenc/cosigned/blob/main/pkg/cosigned/cosigned.go#L27: ``` pkg/cosigned/cosigned.go:27:22: not enough arguments...
It might be possible to add support for verifying that resources other than pods also reference images which are signed. This could possibly be done by providing the controller a...
cosign supports uploading signatures to a separate registry than the image itself. cosigned should be able to support something similar when uploading the public key config map to associate each...