Verifying ESS releases against Cosign

Cosign ESS Verification Key

ESS does not use Cosign transaction log to be able to support airgapped deployment. We are instead relying on a public key that you can ask if you need to run image verification in your cluster.

The ESS Cosign public key is the following one :

-----END PUBLIC KEY-----

Verifying manually

To verify a container against ESS Keys, you will have to run the following command :

Verifying automatically

You will have to setup and configure your SIGStore Admission Policy to use ESS Public Key.

Revision #3
Created 1 March 2024 15:31:06 by Gaël Goinvic
Updated 1 March 2024 15:47:21 by Gaël Goinvic