Cosign signing is failing
Closed this issue · 2 comments
Hi all,
In moving away from startingpoint to blue-bird-template, cosign consistently fails when using the private key.
What I tried so far:
- Generate the key pair as described in https://blue-build.org/how-to/cosign/
- I'm using the GitHub CLI client (as described) to avoid errors due to manual operations
- I can confirm a secret under the name
SIGNING_SECRETis correctly created, but of course, I can't access the content of the secret
- Commit and push the public part of the
cosignkey
(trace)
[2024-02-29T20:27:34Z TRACE blue_build::commands::build] check_for_cosign_files()
[2024-02-29T20:27:34Z DEBUG blue_build::commands::build] Building on live branch, checking cosign files
[2024-02-29T20:27:34Z TRACE blue_build::commands::build] cosign public-key --key env://COSIGN_PRIVATE_KEY
[2024-02-29T20:27:34Z ERROR blue_build::commands] Failed to run cosign public-key: Error: decrypt: encrypted: decryption failed
main.go:74: error during command execution: decrypt: encrypted: decryption failed
Error: Process completed with exit code 1.
I tried again two times, manually, to discard any issue with GH and got the same result.
Then, I tried with the (very nice!) WebUI: https://blue-build.org/how-to/setup/ (Automatic setup using the web interface) using the factory values:
As you can see, it failed again with the same error message as above. I confirm a secret named SIGNING_SECRET was attached to the repository.
Let me know if there's any other piece of information that you need!
Could you send your image repo here? Its just so that it may be easier to check out what is happening
@tulilirockz Thanks for stepping in! I just needed to leave the password blank (@bayou-brogrammer kindly pointed to this issue on Discord: smallstep/cli#483)