-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is interaction with other KMS available or in the roadmap ? #563
Comments
So sigstore-java plan is to support the keyless workflows for the Java ecosystem. What workflow do you have in mind? Is kms a requirement? |
The one indicated by my link to the cosign cli. |
I guess I'm curious why you need KMS in the java client? And why keyless isn't sufficient? |
I am in an environment not connected to internet.
So to make the keyless available i am using a local HashyCorp Vault.
Cosign give the ability to do that. You should ask to sigstore why it is
possible with the cli :-).
I think that it also gives the possibility to connect to a personal KMS on
the cloud. With that, you are not linked to the default one from sigstore.
Le mer. 25 oct. 2023 à 15:58, Appu ***@***.***> a écrit :
… I guess I'm curious why you need KMS in the java client? And why keyless
isn't sufficient?
—
Reply to this email directly, view it on GitHub
<#563 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADXFKOOEGLPN5L76UPGXKTYBELIJAVCNFSM6AAAAAA6PKXKE2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTONZZGMZTQMRTGM>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Is interaction with other KMS available or in the roadmap ?
I mean, this feature of the cli https://docs.sigstore.dev/signing/signing_with_containers/#sign-with-a-key-pair-stored-elsewhere is alrady available on this plugin ?
The text was updated successfully, but these errors were encountered: