Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document Staging instance usage with Keyless #1824

Merged
merged 1 commit into from
May 2, 2022

Conversation

k4leung4
Copy link
Contributor

@k4leung4 k4leung4 commented May 2, 2022

Signed-off-by: Kenny Leung kleung@chainguard.dev

Summary

This is to document how to use the staging Sigstore instance with keyless signing.

@haydentherapper @priyawadhwa PTAL

Ticket Link

Fixes

Release Note


@codecov-commenter
Copy link

codecov-commenter commented May 2, 2022

Codecov Report

Merging #1824 (fca3d6c) into main (e74f180) will not change coverage.
The diff coverage is n/a.

❗ Current head fca3d6c differs from pull request most recent head d5b9ed9. Consider uploading reports for the commit d5b9ed9 to get more accurate results

@@           Coverage Diff           @@
##             main    #1824   +/-   ##
=======================================
  Coverage   33.02%   33.02%           
=======================================
  Files         147      147           
  Lines        9347     9347           
=======================================
  Hits         3087     3087           
  Misses       5906     5906           
  Partials      354      354           

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e74f180...d5b9ed9. Read the comment docs.

@k4leung4 k4leung4 force-pushed the staging-keyless branch from fca3d6c to e50cd9f Compare May 2, 2022 13:21
KEYLESS.md Outdated Show resolved Hide resolved
@k4leung4 k4leung4 force-pushed the staging-keyless branch from e50cd9f to d5b9ed9 Compare May 2, 2022 13:26
KEYLESS.md Outdated Show resolved Hide resolved
cpanato
cpanato previously approved these changes May 2, 2022
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm! thanks for the documentation!

cpanato
cpanato previously approved these changes May 2, 2022
* https://rekor.sigstage.dev
* https://oauth2.sigstage.dev/auth

These instances are operated and maintained in the same manner as the public production environment for Sigstore.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There will be no SLO provided nor the same protection of the root key material for TUF. We should loudly note this, that this is staging and never should be used for production.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added note about slo and not for production use.

* Steps 1-4 configures your local environment to use the staging keys and certificates.
* Step 5 specify the staging environment with flags needed for signing.
* Step 6 specify the staging environment with flags needed for verifying.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we also note how to get back to using production, rm the Sigstore directory and init?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good point.
added steps to revert to production

Signed-off-by: Kenny Leung <kleung@chainguard.dev>
@dlorenc dlorenc merged commit 88b68f4 into sigstore:main May 2, 2022
@github-actions github-actions bot added this to the v1.9.0 milestone May 2, 2022
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
Signed-off-by: Kenny Leung <kleung@chainguard.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants