cosign icon indicating copy to clipboard operation
cosign copied to clipboard
verified publisher icon sigstore

feat(cli): add `--payload-media-type` to `sign` (fixes #4300)

Open arubegonsan opened this issue 5 months ago • 0 comments

Summary

This commit introduces a new --payload-media-type flag to the cosign sign command.

When signing with a custom payload using the --payload flag, users can now also specify the MIME type of that payload via --payload-media-type.

This media type is then stored in the mediaType field of the signature layer descriptor in the resulting OCI manifest. This allows consumers of the signature to correctly interpret the payload's content type.

If --payload is not used, this flag is ignored.

Release Note

  • Fixes #4300: introduced the --payload-media-type flag in cosign sign.

Documentation

Needs documentation change.

arubegonsan avatar Jul 23 '25 16:07 arubegonsan