sigstore: get identity from token
Closed this issue · 1 comments
jku commented
Currently when adding a new "sigstore key" the user is asked to enter email and issuer: this is error prone.
Instead we could do an issuer.identity_token() (in other words actually authenticate) and read the values from the token (makes sense to wait for next sigstore release though -- the token content will change)
jku commented
this depends on secure-systems-lab/securesystemslib#630 and will be trivial after it: SigstoreSigner.import_via_auth() handles this case out-of-the-box