cosign icon indicating copy to clipboard operation
cosign copied to clipboard

Published 20 hours ago verified publisher icon sigstore

Cosign Verify fails with azure akv intermittent

Open suryabaiarava opened this issue 1 year ago • 1 comments
trafficstars

Hi Team,

We're encountering intermittent errors while using cosign verify in our container CICD pipelines. Where cosign verify fails, we receive the following error message:

main.go:69: error during command execution: no matching signatures: failed with vault verification.

Despite the error, we've noticed that the image digest value (SHA) remains unmodified, and the corresponding .sig file exists.

As a temporary workaround, resigning the image resolves the issue. However, we'd like to troubleshoot and resolve the underlying cause.

Cosign Version: v2.2.3 CLI Syntax: cosign verify --key azurekms:///keyname acrimage/repo:sha256:fdkkdkfdkfd

Could anyone provide guidance on how to troubleshoot this issue effectively?

Any assistance would be greatly appreciated.

Thank you!

suryabaiarava avatar Jun 04 '24 12:06 suryabaiarava