Closed
Cosign supports KMS providers; the CLI command would look like:
cosign verify --key <some provider>://<some key> $IMAGE_DIGEST
What would you like to be added:
We would need to add the key (or public-key) parameter to the Signature.cosign section to support KMS providers instead of certificate-{oidc,identity}-* parameters.
Why is this needed:
Our use case is to verify rules signed with AWS KMS and stored in AWS ECR, but that would also enable support for GCP, Azure and Vault KMS.
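
One way a verifier could choose between the key-based mode requested above and the existing keyless mode, as an added example that is not part of the issue or the project's code. The setting names (`KEY`, `CERT_IDENTITY`, `CERT_ISSUER`), the function name and the scheme allow-list are assumptions; `--key`, `--certificate-identity` and `--certificate-oidc-issuer` are cosign's own flags.

```shell
#!/usr/bin/env bash
# Added example, not project code. KEY, CERT_IDENTITY and CERT_ISSUER are
# hypothetical names for the proposed key setting and the existing
# certificate-* settings.

# cosign KMS URI schemes for the providers named in the request
# (AWS, GCP, Azure, Vault); the allow-list itself is this example's choice.
KMS_SCHEMES="awskms gcpkms azurekms hashivault"

# Usage: cosign_verify_args KEY CERT_IDENTITY CERT_ISSUER IMAGE
# Prints the cosign arguments on one line; returns 2 on an unusable config.
cosign_verify_args() {
  local key="$1" identity="$2" issuer="$3" image="$4" scheme s known

  # Verify a digest reference, as the command in the request does.
  case "$image" in
    *@sha256:*) ;;
    *) echo "image must be referenced by digest" >&2; return 2 ;;
  esac

  if [ -n "$key" ]; then
    # Key-based and keyless settings are mutually exclusive.
    if [ -n "$identity" ] || [ -n "$issuer" ]; then
      echo "set either key or certificate-* settings, not both" >&2; return 2
    fi
    case "$key" in
      *://*)  # provider URI: accept only the listed KMS schemes
        scheme="${key%%://*}"; known=no
        for s in $KMS_SCHEMES; do
          if [ "$s" = "$scheme" ]; then known=yes; fi
        done
        if [ "$known" != yes ]; then
          echo "unsupported key provider: $scheme" >&2; return 2
        fi ;;
    esac  # anything without "://" is passed through as a key file path
    printf 'verify --key %s %s\n' "$key" "$image"
  elif [ -n "$identity" ] && [ -n "$issuer" ]; then
    printf 'verify --certificate-identity %s --certificate-oidc-issuer %s %s\n' \
      "$identity" "$issuer" "$image"
  else
    echo "no key and no certificate identity/issuer configured" >&2; return 2
  fi
}
```

Rejecting a configuration that sets both a key and certificate-* values keeps it unambiguous which trust root a given artifact was checked against.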