cosign
Add support for providing a trust root file for private deployments
Description
Goal is to provide a simple interface for users to provide their own roots of trust for services (Rekor, Fulcio, CT log, TSA) by using the "trust root" specification.
Related to https://github.com/sigstore/cosign/issues/3548, as the public good instance trust root will be provided through TUF.
This will obsolete many open issues around providing root key material. TODO is to find them all and link them here. Long-term, we will deprecate many of the CLI flags and environment variables in favor of using this trust root file.