Skip to content

feat: adding support for KMS in cosign #416

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 3, 2024
Merged

feat: adding support for KMS in cosign #416

merged 1 commit into from
Feb 3, 2024

Conversation

brennoo
Copy link
Contributor

@brennoo brennoo commented Feb 3, 2024

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

/kind flaky-test

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area library

/area cli

/area tests

/area examples

What this PR does / why we need it:
This PR adds support for KMS providers in the cosign signature verify process, making it possible to use cloud providers KMS, hashicorp vault and kubernetes.

Which issue(s) this PR fixes:

Fixes #380

Special notes for your reviewer:
I've tested key parameter with different values including http://, awskms:// and local file pubkey.pem - it was needed to add the private-infrastructure flag for cases where the transaction is not sent to the transparency log

@poiana poiana requested review from alacuku and loresuso February 3, 2024 10:50
@poiana poiana added the size/L label Feb 3, 2024
@cpanato
Copy link
Member

cpanato commented Feb 3, 2024

/ok-to-test

cpanato
cpanato reviewed Feb 3, 2024
View reviewed changes
@brennoo
feat: adding support for KMS in cosign
c34d042 
Signed-off-by: Brenno Oliveira <brenno.oliveira@deliveryhero.com>
@brennoo brennoo force-pushed the feat/kms_keys_signatures branch from 915ec06 to c34d042 Compare February 3, 2024 13:13
cpanato
cpanato approved these changes Feb 3, 2024
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you

/lgtm
/approve

@poiana poiana added the lgtm label Feb 3, 2024
@poiana
Copy link
Contributor

poiana commented Feb 3, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: brennoo, cpanato

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana
Copy link
Contributor

poiana commented Feb 3, 2024

LGTM label has been added.

Git tree hash: ca58e416c2d4dcfed1cbe48966c0fe28a98d5ae4

@poiana poiana added the approved label Feb 3, 2024
@cpanato
Copy link
Member

cpanato commented Feb 3, 2024

/hold for tests

@cpanato
Copy link
Member

cpanato commented Feb 3, 2024

/unhold

@poiana poiana merged commit 4f9b935 into falcosecurity:main Feb 3, 2024
@brennoo brennoo deleted the feat/kms_keys_signatures branch February 3, 2024 20:46
@BrewTestBot BrewTestBot mentioned this pull request May 28, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

@alacuku alacuku Awaiting requested review from alacuku

@loresuso loresuso Awaiting requested review from loresuso

Assignees

@cpanato cpanato

Labels
approved area/cli dco-signoff: yes lgtm size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support KMS keys in cosign signature
3 participants
@brennoo @cpanato @poiana