How to hide docker-reference in identity section while verifying the docker image #3012
Comments
|
Take a look at #2984 (not merged yet) which adds support for a Would that solve your issue? |
|
Thank you that PR #2984 should solve the issue @znewman01 is there a plan to port this Pr to version 1.13.1 as we are using internally cosign version 1.13.1 |
|
We have no plans to backport for now, though if enough folks need it we might consider it. Can you share why you're still on 1.13? That's really useful feedback for us. |
Our requirement is to not upload the signer details or any other information to the transparency log. Hence, it would be great if you could consider this :) . Thank you ! |
|
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
|
This issue was closed because it has been stalled for 5 days with no activity. |
Question
Is there a way to not include/hide the docker-reference which shows private registry details for us when verifying the signed docker images using the public key
[{"critical":{"identity":{"docker-reference":"internal-docker-registry/hello-world"},"image":{"docker-manifest-digest":"sha256:df48083e8dc43ccb8c3ba2d49bf15c7dce3507797dbc8d3331df937a5aac904f"},"type":"cosign container image signature"},"optional":null}]
the command used for signing the image:
cosign sign --key "private-key" internal-docker-registry/hello-world@sha256:df48083e8dc43ccb8c3ba2d49bf15c7dce3507797dbc8d3331df937a5aac904f
the command used to verify the docker image:
cosign verify --key ~/cosign-public-key.pub internal-docker-registry/hello-world@sha256:df48083e8dc43ccb8c3ba2d49bf15c7dce3507797dbc8d3331df937a5aac904f
The text was updated successfully, but these errors were encountered: