
[Vault KMS] don't assume the `transit` path

Open raffaelespazzoli opened this issue 2 years ago • 3 comments

Description

Currently cosign assumes that the transit secret engine will be mounted at the transit path all of the time. This is not the case for Vault. The mount path should be explicit in the kms URL.

raffaelespazzoli avatar Jan 24 '23 20:01 raffaelespazzoli

Hi, I guess you can find the solution here: https://docs.sigstore.dev/cosign/kms_support/#hashicorp-vault

hasanhakkaev avatar Jan 25 '23 09:01 hasanhakkaev

@raffaelespazzoli Indeed, you can find how to point to the transit path, as @hasanhakkaev mentioned above.

hectorj2f avatar Jan 25 '23 09:01 hectorj2f

Not much news for this particular case, but here is the "transit" secret engine hardcoded

hasanhakkaev avatar Mar 17 '23 13:03 hasanhakkaev