Open developer-guy opened 2 years ago
cc @mattmoor @imjasonh I think that should work!
ecrHelper is intended to use workload identity if it's available. If it doesn't, that's a bug, let me know.
The public key pulled from KMS isn't used to auth to the registry, it's only used in cosign.CheckOpts
:
Feature request
I saw that this project retrieved the public key from the AWS KMS system (IIUC)^1. To do so, it used ecrHelper (IIUC handles authentication), so, what am I asking is that, instead of using this one, could we use the AWS workload identity feature to accomplish the same thing, thanks in advance.
Use case