
Verifying ESS releases against Cosign

Cosign ESS Verification Key

ESS does not use the Cosign transparency log, so that airgapped deployments can be supported. Instead, we rely on a public key, which you can request if you need to run image verification in your cluster.

The ESS Cosign public key is the following:

-----END PUBLIC KEY-----

Verifying manually

To verify a container image against the ESS key, run the following command:

  • Operator : cosign verify<version> --key --insecure-ignore-tlog=true
  • Updater : cosign verify<version> --key --insecure-ignore-tlog=true
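
The manual check above, wrapped as a script that fails closed (an added example, not ESS's own tooling). The key file path and image references are placeholders supplied by the caller, and the function names ess_key_ok and ess_verify are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: key-based Cosign verification without the transparency log.
# Assumptions: the caller supplies the key file path and the image references;
# cosign is on PATH and supports --key and --insecure-ignore-tlog.

# ess_key_ok KEYFILE: succeed only if the file holds a complete PEM public key
# (both the BEGIN and the END marker), so a truncated copy is caught early.
ess_key_ok() {
    key=$1
    if [ ! -r "$key" ]; then
        echo "key file not readable: $key" >&2
        return 1
    fi
    if ! grep -qF -- '-----BEGIN PUBLIC KEY-----' "$key" ||
       ! grep -qF -- '-----END PUBLIC KEY-----' "$key"; then
        echo "incomplete PEM public key: $key" >&2
        return 1
    fi
}

# ess_verify KEYFILE IMAGE...: verify every image against the key.
# Returns 0 if all verify, 1 if any image fails, 2 on a usage or key error.
ess_verify() {
    key=$1
    shift
    ess_key_ok "$key" || return 2
    if [ "$#" -eq 0 ]; then
        echo "no image references given" >&2
        return 2
    fi
    failed=0
    for image in "$@"; do
        # The signature payload on stdout is discarded; cosign errors stay on stderr.
        if cosign verify --key "$key" --insecure-ignore-tlog=true "$image" >/dev/null; then
            echo "OK   $image"
        else
            echo "FAIL $image" >&2
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Usage (placeholders): ess_verify ./ess-cosign.pub "$OPERATOR_IMAGE" "$UPDATER_IMAGE"
```

Every image is checked even after a failure, so one run reports all unsigned images before the non-zero exit status blocks the rollout.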

Verifying automatically

You will have to set up and configure your Sigstore admission policy to use the ESS public key.