Add keyless support (also with private fulcio/rekor instance) #1493
Comments
Hey @pflaeging! We definitely want to support keyless verification for cosign, but it might have to wait for a little bit. We are currently working on a golang rewrite of the code and instead of doing the work twice (for python and go) it's better to do it just once. We already made some efforts to support a private rekor instance in the go version, so the implementation should be easier there. We'll make an announcement once the golang version is ready and then we'll tackle this issue. Cheers.
Is there anything new in terms of keyless verification?
Unfortunately not. It's the next thing we'll be working on.
Adds support for keyless cosign verification. This feature allows users to verify images signed with cosign without the need for a public key. fixes #1493
It would be great to have working keyless support in connaisseur.
We made a strong effort to establish a system to roll out your own instance of fulcio and rekor (look at https://gitlab.opencode.de/ig-bvc/ag-sig/fulcio-rekor-rollout). This is a project for European public agencies to share secure containers.
I've tried to write down the assets to verify images with cosign (https://gitlab.opencode.de/ig-bvc/ag-sig/fulcio-rekor-rollout/-/blob/main/WhatIsNeededForVerify.md).
I've seen the principal hooks inside connaisseurs are there but empty (not implemented yet).
Can we start a discussion to implement it? There's example code for signing and verification in the repo above.
Thanks in advance
peter