"cosign verify-blob" or "cosign verify" with local certificate and chain always asks for oidc provider
Closed this issue · 1 comments
fernandokarnagi commented
Description
When invoking "cosign verify-blob" or "cosign verify" with local certificate and chain, the CLI always asks for cert identity and OIDC provider.
Error: --certificate-identity or --certificate-identity-regexp is required for verification in keyless mode
main.go:74: error during command execution: --certificate-identity or --certificate-identity-regexp is required for verification in keyless mode
Found the code here certificate flag
Is it a bug?
Version
v2.2.3
haydentherapper commented
Working as intended, a certificate must contain an identity. If you are not using Fulcio, which issues identity certificates, you can extract the key with something like https://smallstep.com/docs/step-cli/reference/certificate/key/ and provide that instead.
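The workaround in the reply above, sketched as an added example that is not part of the original thread or of the cosign project. It uses `openssl x509 -pubkey` in place of the linked `step certificate key` command, and it validates the certificate against the chain first, because `--key` verification checks only the signature. The function names and the throwaway CA and leaf are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate a local certificate against its chain, then extract
# its public key so cosign can verify with --key instead of identity flags.
set -eu

# extract_verified_key CERT CHAIN OUT
# Writes CERT's public key (PEM) to OUT only if CERT chains to CHAIN and is
# within its validity period. cosign --key does not look at the certificate.
extract_verified_key() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || {
    echo "certificate $1 does not validate against $2" >&2
    return 1
  }
  openssl x509 -in "$1" -noout -pubkey > "$3"
}

# make_sample_pki DIR: constructed throwaway CA and leaf, for demonstration only.
make_sample_pki() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -subj "/CN=example-ca" -days 1 \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -subj "/CN=example-signer" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

# verify_blob_with_cert CERT CHAIN SIG BLOB
# Key-based verification: no --certificate-identity or OIDC issuer involved.
# cosign v2 also checks the transparency log; a signature that was never
# uploaded there additionally needs --insecure-ignore-tlog=true.
verify_blob_with_cert() {
  pub=$(mktemp)
  extract_verified_key "$1" "$2" "$pub" || return 1
  cosign verify-blob --key "$pub" --signature "$3" "$4"
}

# Usage: sh this-script.sh cert.pem chain.pem blob.sig blob
if [ "$#" -eq 4 ]; then
  verify_blob_with_cert "$@"
fi
```
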