sigstore / cosign

Code signing and transparency for containers and binaries
Apache License 2.0

Cosign Verify fails with azure akv intermittent #3719

Open suryabaiarava opened 3 months ago

suryabaiarava commented 3 months ago

Hi Team,

We're encountering intermittent errors while using cosign verify in our container CICD pipelines. Where cosign verify fails, we receive the following error message:

main.go:69: error during command execution: no matching signatures: failed with vault verification.

Despite the error, we've noticed that the image digest value (SHA) remains unmodified, and the corresponding .sig file exists.

As a temporary workaround, resigning the image resolves the issue. However, we'd like to troubleshoot and resolve the underlying cause.

Cosign Version: v2.2.3
CLI Syntax: cosign verify --key azurekms:///keyname acrimage/repo:sha256:fdkkdkfdkfd

Could anyone provide guidance on how to troubleshoot this issue effectively?

Any assistance would be greatly appreciated.

Thank you!

t-settle commented 3 months ago

@suryabaiarava I noticed the same thing today using the hashivault KMS provider. I even pulled down and built Cosign from @ HEAD because I was seeing an issue related to https://github.com/sigstore/sigstore/issues/1735. Wasn't sure if this was similarly related. But even with the latest Cosign I am getting the same error:

% cosign --key hashivault://cosign verify my-private-repo/thomas@$DIGEST
Error: no matching signatures: failed vault verification failed vault verification
main.go:69: error during command execution: no matching signatures: failed vault verification failed vault verification
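Both reports above describe the same symptom: the digest is unchanged and the .sig artifact still exists, yet verify reports "no matching signatures" from the KMS backend. The added example below is not cosign's code and does not diagnose this issue; it models the step that fails, a signature over cosign's simple-signing payload checked against a public key, so that the three conditions a defender would separate (right key, a different key version, a changed digest) can be seen side by side. The payload field names follow the published simple-signing format; the image reference, digests, and the in-memory ECDSA P-256 keys are constructed for this example, and the idea that a KMS key mismatch could explain the symptom is an assumption to check, not a conclusion from the thread.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// SimpleSigningPayload mirrors the document cosign signs for a container
// image. Field names follow the simple-signing format; values are constructed.
type SimpleSigningPayload struct {
	Critical struct {
		Identity struct {
			DockerReference string `json:"docker-reference"`
		} `json:"identity"`
		Image struct {
			DockerManifestDigest string `json:"docker-manifest-digest"`
		} `json:"image"`
		Type string `json:"type"`
	} `json:"critical"`
	Optional map[string]interface{} `json:"optional"`
}

// NewPayload builds the JSON bytes that get signed for a given image
// reference and manifest digest.
func NewPayload(ref, digest string) ([]byte, error) {
	var p SimpleSigningPayload
	p.Critical.Identity.DockerReference = ref
	p.Critical.Image.DockerManifestDigest = digest
	p.Critical.Type = "cosign container image signature"
	return json.Marshal(p)
}

// SignPayload produces an ASN.1 DER ECDSA signature over SHA-256(payload),
// the same shape a KMS-backed ECDSA P-256 key returns.
func SignPayload(priv *ecdsa.PrivateKey, payload []byte) ([]byte, error) {
	h := sha256.Sum256(payload)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// VerifyPayload is the local equivalent of the check that fails in the
// reports: does this public key accept this signature over this payload?
func VerifyPayload(pub *ecdsa.PublicKey, payload, sig []byte) bool {
	h := sha256.Sum256(payload)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Demo signs one constructed payload and reports whether it verifies with
// the original key, with a freshly generated (rotated) key, and with the
// original key but a different digest.
func Demo() (sameKey, rotatedKey, changedDigest bool, err error) {
	const ref = "acrimage/repo" // constructed, taken from the report's syntax
	const digestA = "sha256:" + "a1" + "b2" + "c3" + "d4" + "e5" + "f6" + "0011223344556677" + "8899aabbccddeeff" + "0011223344556677" + "8899aabbcc"
	const digestB = "sha256:" + "ff" + "ee" + "dd" + "cc" + "bb" + "aa" + "0011223344556677" + "8899aabbccddeeff" + "0011223344556677" + "8899aabbcc"

	signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	payload, err := NewPayload(ref, digestA)
	if err != nil {
		return
	}
	sig, err := SignPayload(signer, payload)
	if err != nil {
		return
	}
	// 1. Same key, same payload: the only case that should verify.
	sameKey = VerifyPayload(&signer.PublicKey, payload, sig)

	// 2. A different key (e.g. a rotated KMS key version) with the original
	//    .sig still present: digest unchanged, signature present, no match.
	rotated, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	rotatedKey = VerifyPayload(&rotated.PublicKey, payload, sig)

	// 3. Original key but a different manifest digest: also no match.
	other, err := NewPayload(ref, digestB)
	if err != nil {
		return
	}
	changedDigest = VerifyPayload(&signer.PublicKey, other, sig)
	return
}

func main() {
	same, rotated, changed, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("same key: %v, rotated key: %v, changed digest: %v\n", same, rotated, changed)
}
```

Case 2 is the one worth ruling in or out first when the digest and .sig are known to be unchanged: if the public key the KMS serves today differs from the one that produced the stored signature, verification fails exactly as shown, and re-signing with the current key makes it pass again, which matches the workaround both reporters describe. Comparing the public key cosign fetches from the KMS (cosign public-key --key <kms-uri>) across runs is a cheap way to test that hypothesis before looking at transient KMS errors.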