Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is interaction with other KMS available or in the roadmap ? #563

Open
fletort opened this issue Oct 25, 2023 · 4 comments
Open

Is interaction with other KMS available or in the roadmap ? #563

fletort opened this issue Oct 25, 2023 · 4 comments
Labels
question Further information is requested

Comments

@fletort
Copy link

fletort commented Oct 25, 2023

Is interaction with other KMS available or in the roadmap ?

I mean, this feature of the cli https://docs.sigstore.dev/signing/signing_with_containers/#sign-with-a-key-pair-stored-elsewhere is alrady available on this plugin ?

@fletort fletort added the question Further information is requested label Oct 25, 2023
@loosebazooka loosebazooka transferred this issue from sigstore/sigstore-maven-plugin Oct 25, 2023
@loosebazooka
Copy link
Member

loosebazooka commented Oct 25, 2023

So sigstore-java plan is to support the keyless workflows for the Java ecosystem. What workflow do you have in mind? Is kms a requirement?

@fletort
Copy link
Author

fletort commented Oct 25, 2023

The one indicated by my link to the cosign cli.
The feature to use another KMS (Key Management Service) APIs as Azure Key Vault, AWS KMS, .... or a local install of Hashicorp Vault.

@loosebazooka
Copy link
Member

I guess I'm curious why you need KMS in the java client? And why keyless isn't sufficient?

@fletort
Copy link
Author

fletort commented Oct 25, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
question Further information is requested
Projects
None yet
Development

No branches or pull requests

2 participants