Support KMS keys in cosign signature
Closed this issue · 2 comments
brennoo commented
Cosign supports KMS providers; the CLI command would look like:
cosign verify --key <some provider>://<some key> $IMAGE_DIGEST
What would you like to be added:
We would need to add the key (or public-key) parameter to the Signature.cosign section to support KMS providers instead of certificate-{oidc,identity}-* parameters.
Why is this needed:
Our use case is to verify rules signed with AWS KMS and stored in AWS ECR, but that would also enable support for GCP, Azure and Vault KMS.