Skip to content

Support Cosign keyless signing & verification #2659

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#2662
Closed
Support Cosign keyless signing & verification#2659
#2662
Assignees
caarlos0
Labels
enhancementNew feature or request
@developer-guy

Description

@developer-guy
developer-guy
opened on Nov 10, 2021

Is your feature request related to a problem? Please describe.
It is not related to a problem. It's a feature request for signing and verifying with Keyless Mode.1

Describe the solution you'd like

GoReleaser can use the cosign tool as a command in the sigs section. In order to enable Keyless mode in cosign, we need to pass an environment variable called COSIGN_EXPERIMENTAL=1. So, we've opened another issue to enable passing environment variables to the sigs section. Also, recently, the Kyverno project did the same thing. 2

[ ] - #2657 - @Dentrax

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context

cc: @Dentrax @erkanzileli

Footnotes

  1. https://github.com/sigstore/cosign/blob/main/KEYLESS.md

  2. github.com/add keyless verification kyverno/kyverno#2677

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions