
Add support for using a private Sigstore stack

Open font opened this issue 1 year ago • 2 comments

Description

Some use-cases involve standing up a private instance of the Sigstore stack as users do not want to upload private data to the public good instance (PGI). For these cases, we need to support the signing of models using a private Sigstore stack of at least the Rekor transparency log, but could also include a private instance of a Fulcio CA for a private keyless auth flow.

font avatar Jun 12 '24 17:06 font

This should be straightforward to add, as sigstore-python supports providing URLs for the Rekor and Fulcio instances, along with either a URL for the TUF repo or a trusted root file.

Hayden-IO avatar Jun 12 '24 17:06 Hayden-IO

Here are more details: https://github.com/sigstore/sigstore-python?tab=readme-ov-file#configuring-a-custom-root-of-trust-byo-pki

Hayden-IO avatar Jun 12 '24 18:06 Hayden-IO
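A pre-signing guard for the private-stack setup discussed in this issue, as an added example that is not code from the thread, from model-transparency, or from sigstore-python. It checks that the configured endpoints are HTTPS, do not point at the public Sigstore instances, and that a TUF URL or trusted root file is supplied; the config key names and the `internal.example` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains that host the public Sigstore instances (production and staging).
PUBLIC_SIGSTORE_DOMAINS = ("sigstore.dev", "sigstage.dev")

# Hypothetical config keys for this example, not options of any real tool.
REQUIRED_URLS = ("rekor_url",)
OPTIONAL_URLS = ("fulcio_url", "tuf_url")


def _is_public(host):
    """True if host is a public Sigstore domain or a subdomain of one."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in PUBLIC_SIGSTORE_DOMAINS)


def check_private_stack(config):
    """Return a list of problems; an empty list means signing may proceed."""
    problems = []
    for key in REQUIRED_URLS + OPTIONAL_URLS:
        url = config.get(key)
        if not url:
            if key in REQUIRED_URLS:
                problems.append(f"{key}: missing; do not rely on a client default")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{key}: must be an https:// URL")
        if not parts.hostname:
            problems.append(f"{key}: no hostname found")
        elif _is_public(parts.hostname):
            problems.append(f"{key}: {parts.hostname} is a public Sigstore instance")
    # A private stack needs its own root of trust: a TUF repo URL or a
    # trusted root file.
    if not config.get("tuf_url") and not config.get("trusted_root"):
        problems.append("trust root: set tuf_url or trusted_root")
    return problems


if __name__ == "__main__":
    # Constructed sample config: Rekor still points at the public instance.
    sample = {
        "rekor_url": "https://rekor.sigstore.dev",
        "fulcio_url": "https://fulcio.internal.example",
        "trusted_root": "trusted_root.json",
    }
    for problem in check_private_stack(sample):
        print("refusing to sign:", problem)
```

Running the guard before any signing call makes a misconfigured endpoint fail closed instead of writing an entry to a public transparency log.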