This page lists the important commands for the CLI tool cosign.

cosign

Cosign is a command-line utility and container signing implementation that allows users to sign and verify Docker images. It applies the principles of transparency and secure supply chains to provide a way to verify the authenticity, integrity, and provenance of container images.

Some key features and concepts of Cosign include:

  1. Image signing: Cosign allows users to sign container images using a public and private key pair. The signed image includes a digital signature that can be verified by others.

  2. Verification: By verifying the signature of a signed image, users can ensure that the image has not been tampered with and comes from a trusted source.

  3. Image transparency: Cosign is built on top of The Update Framework (TUF), which provides transparency in the form of a signing log. It lets users track image signing activities and view past signatures, and it ensures untrusted or compromised keys cannot be used.

  4. Container adoption: Cosign aims to bring secure signing and verification practices to the container ecosystem, making it easier for organizations to adopt containers securely by ensuring the integrity and origin of images.

  5. Integration: Cosign can be integrated into existing CI/CD pipelines, registry servers, and deployment workflows, making it suitable for both developers and DevOps teams.

Cosign addresses the need for secure container image distribution and helps establish trust between publishers and consumers in containerized environments.

List of commands for cosign:

  • Sign a blob with a local key pair file.
    $ cosign sign-blob --key ${cosign-key} ${filename}
  • Copy a container image and its signatures.
    $ cosign copy ${example-com-src:latest} ${example-com-dest:latest}
  • Verify an image with a public key stored in a Kubernetes secret.
    $ cosign verify --key k8s://${namespace}/${key} ${image}
  • Verify a container against a public key.
    $ cosign verify --key ${cosign-pub} ${image}
  • Generate a key-pair.
    $ cosign generate-key-pair
  • Sign a container and store the signature in the registry.
    $ cosign sign --key ${cosign-key} ${image}
  • Sign a container image with a key pair stored in a Kubernetes secret.
    $ cosign sign --key k8s://${namespace}/${key} ${image}
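
A deploy-gate wrapper around the `cosign verify --key` command listed above, as an added example that is not part of the original page or the cosign project: it refuses image references that are not pinned by digest and fails closed when verification fails. The function names and the `COSIGN_PUB` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fail-closed signature gate for a CI/CD deploy step.
# COSIGN_PUB (assumed name) holds the path to the public key file,
# e.g. the cosign.pub written by `cosign generate-key-pair`.

# is_digest_ref IMAGE -> 0 if IMAGE is pinned as name@sha256:<64 hex chars>.
# A tag can be repointed after the check; a digest cannot.
is_digest_ref() {
    printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@sha256:[0-9a-f]{64}$'
}

# verify_image IMAGE -> 0 only if IMAGE is digest-pinned and cosign accepts it.
#   2 = reference not pinned, 3 = no key configured, 1 = verification failed
verify_image() {
    image=$1
    if ! is_digest_ref "$image"; then
        echo "refusing $image: not pinned by digest" >&2
        return 2
    fi
    if [ -z "${COSIGN_PUB:-}" ]; then
        echo "COSIGN_PUB is not set" >&2
        return 3
    fi
    # cosign exits non-zero when no signature validates against the key.
    if ! cosign verify --key "$COSIGN_PUB" "$image" >/dev/null; then
        echo "signature check failed for $image" >&2
        return 1
    fi
    return 0
}

# gate IMAGE... -> check every image; a single failure blocks the deploy.
gate() {
    failed=0
    for img in "$@"; do
        verify_image "$img" || failed=1
    done
    return "$failed"
}
```

In a pipeline, call `gate` with the digest-pinned references of every image in the release and run the deploy step only when it returns 0.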