System Grab Bag

View all TLDR pages from common (or from all pages)

cosign

Container Signing, Verification and Storage in an OCI registry. More information: https://github.com/sigstore/cosign.
  • Generate a key-pair:
    cosign generate-key-pair
  • Sign a container and store the signature in the registry:
    cosign sign -key {{cosign.key}} {{image}}
  • Sign a container image with a key pair stored in a Kubernetes secret:
    cosign sign -key k8s://{{namespace}}/{{key}} {{image}}
  • Sign a blob with a local key pair file:
    cosign sign-blob --key {{cosign.key}} {{path/to/file}}
  • Verify a container against a public key:
    cosign verify -key {{cosign.pub}} {{image}}
  • Verify images with a public key in a Dockerfile:
    cosign dockerfile verify -key {{cosign.pub}} {{path/to/Dockerfile}}
  • Verify an image with a public key stored in a Kubernetes secret:
    cosign verify -key k8s://{{namespace}}/{{key}} {{image}}
  • Copy a container image and its signatures:
    cosign copy {{example.com/src:latest}} {{example.com/dest:latest}}

License and Disclaimer

The content on this page is copyright © 2014—present the tldr-pages team and contributors.
This page is used with permission under Creative Commons Attribution 4.0 International License.

While we do attempt to make sure content is accurate, there isn't a warranty of any kind.