cosign:tldr:4425b

cosign: Verify an image with a public key stored in a Kubernetes secret.

cosign

$ cosign verify -key k8s://${namespace}/${key} ${image}

try on your machine

The cosign verify command is used to verify the digital signature of a container image. Here is an explanation of the different components in the given command:

cosign verify: This part of the command instructs the Cosign tool to perform the image verification.
-key k8s://${namespace}/${key}: It specifies the key used to verify the digital signature. The k8s:// prefix indicates that the key is stored in a Kubernetes secret. ${namespace} and ${key} represent the namespace and the name of the secret, respectively.
${image}: This is the container image that you want to verify. It can be specified as an image name or reference.

Ultimately, the command will verify the digital signature of the provided container image using the specified key stored in the Kubernetes secret.

This explanation was created by an AI. In most cases those are correct. But please always be careful and never run a command you are not sure if it is safe.

back to the cosign tool