cosigned icon indicating copy to clipboard operation
cosigned copied to clipboard

Published 20 hours ago verified publisher icon dlorenc

Add support for separate signature registry than the image

Open sambhav opened this issue 4 years ago • 5 comments

cosign supports uploading signatures to a separate registry than the image itself.

cosigned should be able to support something similar when uploading the public key config map to associate each keys with a registry?

sambhav avatar Jun 06 '21 20:06 sambhav

Sure! We can use the same env car as config somehow.

dlorenc avatar Jun 06 '21 21:06 dlorenc

I might try and contribute this :)

sambhav avatar Jun 06 '21 21:06 sambhav

Sure! Just curious - are you thinking of running this anywhere? I really only put it together as a quick demo/POC, but it appears that some people are actually looking at it seriously :)

dlorenc avatar Jun 06 '21 21:06 dlorenc

If it supports this and #6, definitely. It might be worth considering to promote this repository or something like it to the sigstore project. I believe other people who are using cosign will probably be interested in something like this as well :)

sambhav avatar Jun 06 '21 21:06 sambhav

Yeah that's mainly what I was getting at! We can find some kind of org to move this to if people are really interested in it :)

dlorenc avatar Jun 06 '21 21:06 dlorenc