Cosign signing is failing

[cig0]

Hi all,

In moving away from startingpoint to blue-bird-template, cosign consistently fails when using the private key.

What I tried so far:

• Generate the key pair as described in https://blue-build.org/how-to/cosign/
  • I'm using the GitHub CLI client (as described) to avoid errors due to manual operations
  • I can confirm a secret under the name SIGNING_SECRET is correctly created, but of course, I can't access the content of the secret
• Commit and push the public part of the cosign key

(trace)

[2024-02-29T20:27:34Z TRACE blue_build::commands::build] check_for_cosign_files()
[2024-02-29T20:27:34Z DEBUG blue_build::commands::build] Building on live branch, checking cosign files
[2024-02-29T20:27:34Z TRACE blue_build::commands::build] cosign public-key --key env://COSIGN_PRIVATE_KEY
[2024-02-29T20:27:34Z ERROR blue_build::commands] Failed to run cosign public-key: Error: decrypt: encrypted: decryption failed
    main.go:74: error during command execution: decrypt: encrypted: decryption failed

Error: Process completed with exit code 1.

I tried again two times, manually, to discard any issue with GH and got the same result.

Then, I tried with the (very nice!) WebUI: https://blue-build.org/how-to/setup/ (Automatic setup using the web interface) using the factory values:

As you can see, it failed again with the same error message as above. I confirm a secret named SIGNING_SECRET was attached to the repository.

Let me know if there's any other piece of information that you need!

[tulilirockz]

Could you send your image repo here? Its just so that it may be easier to check out what is happening

[cig0]

@tulilirockz Thanks for stepping in! I just needed to leave the password blank (@bayou-brogrammer kindly pointed to this issue on Discord: https://github.com/smallstep/cli/issues/483)