hasanhakkaev
commented
1 month ago I don't think this is possible or will be supported/implemented in the future. But you can do the following :
- Generate key-pair via cosign and save them locally
- Create secrets as kv in Vault containing the keys
- Grab the keys from Vault like any normal secret
- Sign or verify with cosign.
Description
Hey, everyone!
I have a need for static key storage without using transit encryption. Is there any method to force cosign to use the signing key just from the KV storage?
cosign sign --tlog-upload=false --key hashivault://$KEY $IMAGE