TLOG Support #34

Closed
@dlorenc

Let's add an experimental TLOG mode to the tool. This will look like:

TLOG=1 cosign sign ...

and

TLOG=1 cosign verify ...

The tlog server will default to api.rekor.dev, and can be overridden with the REKOR_SERVER env variable.

TLOG=1 cosign sign will publish the signature, public key and payload to the Rekor tlog.
TLOG=1 cosign verify will verify the signature, public key and payload are in the tlog, as well as verifying the signature itself.

Both commands will record the state of the tlog in the .rekor/state.json configuration file and audit the log on each invocation.
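
What "record the state of the tlog and audit the log on each invocation" can look like, as an added example that is not part of the original issue or of cosign's code. It assumes an RFC 6962-style Merkle log, uses a hypothetical `State` struct (the issue does not define the contents of `.rekor/state.json`), and recomputes the root from all entries instead of using a server-supplied consistency proof.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

// State is a hypothetical saved tree head; the issue does not define state.json.
type State struct {
	Size int
	Root []byte
}

// merkleRoot computes the RFC 6962 tree hash (0x00 leaf prefix, 0x01 node prefix).
func merkleRoot(leaves [][]byte) []byte {
	if len(leaves) <= 1 {
		in := []byte{}
		if len(leaves) == 1 {
			in = append([]byte{0x00}, leaves[0]...)
		}
		h := sha256.Sum256(in)
		return h[:]
	}
	k := 1 // largest power of two strictly below len(leaves)
	for k*2 < len(leaves) {
		k *= 2
	}
	in := append([]byte{0x01}, merkleRoot(leaves[:k])...)
	h := sha256.Sum256(append(in, merkleRoot(leaves[k:])...))
	return h[:]
}

// audit rejects a shrunken or rewritten log, else returns the state to persist.
func audit(saved State, leaves [][]byte) (State, error) {
	if len(leaves) < saved.Size {
		return saved, errors.New("log is smaller than saved state (rollback)")
	}
	if saved.Size > 0 && !bytes.Equal(merkleRoot(leaves[:saved.Size]), saved.Root) {
		return saved, errors.New("saved root not reproducible (history rewritten)")
	}
	return State{Size: len(leaves), Root: merkleRoot(leaves)}, nil
}

func main() {
	entries := [][]byte{[]byte("sig-a"), []byte("sig-b")} // constructed sample entries
	st, _ := audit(State{}, entries)
	fmt.Println(audit(st, entries[:1])) // fewer entries than saved: rejected
}
```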
