cosign the ' cosign sign command' is expected to set the OCI image, payload and signature , instead of --key to generate signature .

the ' cosign sign command' is expected to set the OCI image, payload and signature , instead of --key to generate signature .

Open liufangwai opened this issue 3 years ago • 1 comments

trafficstars

Question

There is a internal key management system, to avoid private key leakage, the cosign sign command is expected to set the OCI image, payload and signature (instead of --key to generate signature) , then push to the OCI repository. Finally, use ' cosign verify ' to set public key to verify the signature of the image. but I found that the command 'cosign sign' can't support this 。

May 06 '22 11:05 liufangwai

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.

Aug 20 '22 02:08 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

Aug 25 '22 02:08 github-actions[bot]

cosign cosign copied to clipboard

the ' cosign sign command' is expected to set the OCI image, payload and signature , instead of --key to generate signature .

cosign
cosign copied to clipboard