CycodeLabs / cimon-action

Runtime Security Solution for your CI/CD Pipeline
https://cimon.build
Apache License 2.0
84 stars, 3 forks

cimon-attest: Support for signing with Azure Key Vault stored key #61

Open gerritlansing opened 11 months ago

gerritlansing commented 11 months ago

We use Azure Key Vault (HSM-backed) to store our signing keys. Would you be able to support signing provenance with Azure Key Vault backed keys?

alex-ilgayev commented 10 months ago

@gerritlansing, apologies for the delay. Thanks for raising the request!

We currently support keys given as input parameters in popular formats (RSA/EC) through PEM format, and we plan to extend the support to keys stored in cloud KMS, including Azure Key Vault. We don't have a specific timeline at the moment.

As a workaround, it is possible to fetch a short-lived signature key beforehand, through Azure CLI, such as az keyvault ..., and give the key as an input to the cimon-action action.

Let me know if it works for you, and I would love to hear additional feedback you have for the cimon attest capability!
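The workaround above, as an added shell example that is not cimon-action's own code and not from either commenter: the private key is assumed to be stored in Key Vault as a secret holding the PEM text (Key Vault keys are non-exportable by default, so `az keyvault key download` returns only the public half), the vault and secret names are placeholders, the test key material is constructed, and the `signing-key` input name in the usage comment is a hypothetical placeholder, not a documented cimon-action parameter. The helper classifies the fetched PEM so the job fails before the signing step if a public key or an unsupported format was fetched, and registers the key lines with the runner's log masking.

```shell
#!/bin/sh
# Added example, not cimon-action's code. Assumptions (not from the issue):
#  - the signing key lives in Key Vault as a *secret* containing PEM text
#    (a Key Vault *key* cannot be exported; `az keyvault key download`
#    only yields the public key, which is useless for signing)
#  - vault name, secret name and the `signing-key` action input are placeholders

# fetch_key_pem VAULT SECRET OUTFILE
# Pulls the secret value into a file readable only by the runner user.
fetch_key_pem() {
  umask 077
  az keyvault secret show --vault-name "$1" --name "$2" --query value -o tsv > "$3"
}

# pem_key_kind FILE
# Prints "rsa", "ec" or "pkcs8" for the PEM private key formats the action
# accepts (RSA/EC in PEM), and "unsupported" for anything else, including a
# public key or a missing file. Only the first BEGIN header is inspected.
pem_key_kind() {
  header=$(grep -m1 '^-----BEGIN ' "$1" 2>/dev/null)
  case "$header" in
    "-----BEGIN RSA PRIVATE KEY-----") echo rsa ;;
    "-----BEGIN EC PRIVATE KEY-----")  echo ec ;;
    "-----BEGIN PRIVATE KEY-----")     echo pkcs8 ;;
    *)                                 echo unsupported ;;
  esac
}

# mask_pem FILE
# Emits one ::add-mask:: command per non-empty line so the runner redacts
# the key material if any later step echoes it into the job log.
mask_pem() {
  while IFS= read -r line; do
    if [ -n "$line" ]; then
      printf '::add-mask::%s\n' "$line"
    fi
  done < "$1"
}

# Usage inside a job step (hypothetical names; `signing-key` is assumed):
#   key="$RUNNER_TEMP/signing-key.pem"
#   fetch_key_pem my-vault cimon-signing-key "$key"
#   [ "$(pem_key_kind "$key")" != unsupported ] || { echo "not a private key PEM" >&2; exit 1; }
#   mask_pem "$key"
#   { echo 'signing-key<<EOF'; cat "$key"; echo 'EOF'; } >> "$GITHUB_OUTPUT"
```

The classification step is what catches the common mistake in this workaround: if the pipeline downloads a Key Vault key instead of a secret, the file starts with `-----BEGIN PUBLIC KEY-----` and the signing step would fail later with a less obvious error.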