znewman01
commented
1 year ago See https://github.com/sigstore/sigstore/issues/1012
The sigstore/sigstore repo is the right place to track this.
Right now, we have to add every supported KMS provider over there. Per https://github.com/sigstore/sigstore/issues/386 we'd like to make it easy to plug in your own, but that work's not done yet.
Additionally, if you support KMIP then we could get support for free: https://github.com/sigstore/sigstore/issues/784
Dear maintainers,
We've developed an SGX-based Cloud KMS (called as eHSM), eHSM is a cloud service to provide functionalities to manage keys and secrets by fully leveraging Intel SGX capability. It based on SGX SDK not LibOS, which has smaller TCB (Trusted Computing Base) and thus enhanced security. more details please see the follwoing link: https://github.com/intel/ehsm.git
we're investigating is it possible to upstream it into the cosign as an alternative KMS solution, if so, could you provide some guide or wikis to show how to do it? Thanks.