Cosign - Sign Container Images | Online Free DevTools by Hexmos

cosign

Container Signing, Verification and Storage in an OCI registry. More information: https://github.com/sigstore/cosign.

  • Generate a key-pair:

cosign generate-key-pair

  • Sign a container and store the signature in the registry:

cosign sign --key {{cosign.key}} {{image}}

  • Sign a container image with a key pair stored in a Kubernetes secret:

cosign sign --key k8s://{{namespace}}/{{key}} {{image}}

  • Sign a blob with a local key pair file:

cosign sign-blob --key {{cosign.key}} {{path/to/file}}

  • Verify a container against a public key:

cosign verify --key {{cosign.pub}} {{image}}

  • Verify the images referenced in a Dockerfile against a public key:

cosign dockerfile verify --key {{cosign.pub}} {{path/to/Dockerfile}}

  • Verify an image with a public key stored in a Kubernetes secret:

cosign verify --key k8s://{{namespace}}/{{key}} {{image}}

  • Copy a container image and its signatures:

cosign copy {{example.com/src:latest}} {{example.com/dest:latest}}