Container Signing using CA Certificate

Question

Container Signing using CA Certificate

suryabaiarava opened this issue 3 months ago · 1 comments

Hi Team,

As we are exploring Cosing for containter, blob signing for our project . we want to check on below use case.

if we are using CA certificate to sign our container image does integrating with OIDC is mandate because when we run below command it is asking for verification code to be entered by accessing this URL https://oauth2.sigstore.dev/auth/auth? Please provide confirmation.

Command : cosign sign --certificate cosign-cert-cosign-cert-20240304.pem <> --tlog-upload=false

Answer 1 · 2024-03-04T17:19:12.000Z

You have to provide a signing key or signing identity. If you provide a key, you won't be prompted. If you don't, then the tool will take you through the OIDC flow to fetch a signing certificate.