►
Description
Luke Hinds, the founder of project sigstore will provide an introduction to the project and then outline how you can leverage sigstore to protect your kubernetes based workloads.
A
It's
nice
to
be
at
a
UK
event,
because
I
got
out
of
bed
this
morning
rather
than
being
in
some
random
hotel
somewhere.
So
it's
you
know
it's
really
good
to
to
be
on
home
grounds.
So
yeah
we're
gonna,
look
into
Sig
store.
It's
a
relatively
new
project,
so
actually
been
going
for
a
couple
of
years,
but
I
guess
it's
new
to
a
few
people
and
you're
going
to
be
it's
going
to
be
a
game
of
two
halves
going
to
do.
A
Some
slides
bring
everybody
up
to
the
same
Level
Playing
Field
as
to
what
six
door
is
what
it
offers
then
I'm
the
idiot,
that's
going
to
try
and
do
a
live
demo.
Okay!
So
let's
see
how
that
goes.
You
know.
Network
problems,
broken
clusters,
all
of
that
sort
of
stuff.
So
so
quick
introduction
to
myself
so
I
originally
started
six
door
back
in
2020.
Luckily,
a
lot
of
people
a
lot
smarter
than
me
have
helped
build
it.
A
I
I'm,
a
chair
on
the
technical
steering
committee,
the
other
stuff
I
do
is
a
kubernetes
security
response
team.
So
every
time
a
vulnerability
is
found.
We
are
the
folks
that
triage
that
we
run
a
hakawan
bog,
Bounty
program,
okay
to
handle,
reported
vulnerabilities
and
there
might
be
a
financial
reward
as
well.
There's
the
open
source
security
foundation
so
I'm
on
a
technical
advisory
Council
there
and
I
have
a
team
in
Red,
Hat
CTO
office
and
we're
all
focused
on
building
security,
Technologies
Upstream,
so
supply
chain
security.
This
is
very
common
now.
A
This
is
a
discussion
that
a
lot
of
people
are
having
I'm
imagining
a
lot
of
you
are
pretty
up
to
speed.
You've
heard
the
you
know
the
the
the
concerns
around
this
particular
threat
to
our
software
ecosystems.
Now
a
company
called
Sona
type
every
year
they
do
a
great
Roundup
on
what
the
current
think
us
are
around
supply
chain
security
and
add
this
one.
They've
got
this
whopping
742
increase.
Okay,
now
there's
a
multitude
of
attacks,
I'm
not
going
to
try
to
Deep
dive
any
of
these,
but
we
see
some
prolific
ones.
A
Leak
tokens
happens,
a
lot
typo
squatting
happens
within
package
managers,
key
compromise
protest,
wear
a
new
one
developers
become
burnt
out
and
effectively
hit
out
using
the
projects
that
they
maintain
and
then
it
being
a
supply
chain
that
these
attacks
proliferate
to
other
systems.
Okay,
so
it's
not
an
isolated
attack,
so
six
door,
like
I,
say
Sig
store
started
a
couple
of
years
ago
and
we
are
mainly
focused
on
software
signing
transparency
and
provenance.
So
provenance
is
a
record
of
how
a
software
artifact
was
constructed.
What
were
its
dependencies?
A
What
machines
interacted
with
the
build
process
that
artifacts
and
so
forth.
So
we
do
a
lot
around
container
images,
so
obviously
kubernetes
and
but
then
we
also
can
sign
lots
of
other
things.
There's
configs
and
we
are
integrating
with
multiple
package
managers.
So
there's
python
we're
looking
to
work
with
rust
at
npm.
We've
just
had
a
successful
RFQ,
that's
gone
through
around
using
six
doors
of
signing
mechanism
there
and
we
do
a
lot
around
attestations
as
well.
A
People
store
attestations
within
our
transparency
log
such
as
our
salsa
provenance
and
s-bombs
and
so
forth,
and
we
support
multiple
languages.
So
we
have
these
different
libraries
that
we
use
for
rust,
go
Ruby,
python,
JS
and
Java.
Okay,
now
I
won't
get
two
jazz
hands
here,
but
essentially
we
have
a
set
of
infrastructure
services
that
handle
the
complexity
of
software,
signing
with
the
idea
that
the
user
tools
are
very
simple
to
use
because
to
get
an
adoption
with
developers,
you
have
to
make
tools
easy
to
use
within
your
existing
workflows.
A
If
you
introduce
complexity
and
risks
such
as
key
management-
and
you
know,
setting
up
a
UB
key
and
all
of
these
sorts
of
for
some
developers,
something
that's
just
too
much
labor,
then
your
adoption
is
generally
quite
weak.
So
what
we
do
is
we
have
we.
We
have
the
complexity
within
the
infrastructure
so
where
these
various
Services
I'll
introduce
you
to
those
there's
a
fulsio
which
is
our
short-lived
sign-in
certificate
system.
It
interfaces
with
open
identity
connect.
We
have
our
client
tools.
A
Cosine
is
one
that's
very
well
known
and
has
seen
some
incredibly
good
adoption,
and
then
we
have
recore,
which
is
something
called
a
transparency,
your
log
and
you
can
think
of
it
like
a
blockchain,
but
I
I
will
shortly
go
into
each
of
those
projects.
So,
as
I
said,
fulsio
forceo
provides
short-lived
signing
certificates,
so
you
can
request
a
certificate
and
then
you
can
sign
an
artifact
and
then
that
is
stored.
You
can
then
immediately
discard
the
private
key
there's.
A
No,
so
what
full
show
brings
you
is
the
ability
to
not
have
to
manage
a
long
life.
Private,
key,
okay,
so
keys
are
actually
encoded
to
memory
a
lot
of
the
time
in
client
tools,
so
you
don't
have
to
worry
about.
Where
do
I
keep
it?
What
happens
if
my
laptop's
stolen
you
know,
do
I
need
specialist
hardware
and
so
forth.
A
We
have
Rico.
This
is
our
transparency
log
with
anybody.
That's
familiar
with
cryptographic
terminology.
It
uses
something
called
a
Merkle
tree.
So
when
you
put
something
in
there,
it's
immutable.
It's
tamper
resistant.
We
cannot
post
change
the
structure
of
the
tree
without
breaking
the
cryptographic.
Mathematical
equation
that
built
that
tree,
okay
and
the
good
thing
about
recall,
is
it's
observable,
so
everybody
can
see.
What's
happened
in
the
supply
chain,
you
can
have
an
artifact.
You
could
look
up
the
history
of
that
artifact
in
the
transparency
log.
A
We
then
have
cosine,
which
is
one
of
our
clients,
our
client
tools,
and
this
will
allow
you
to
sign
images,
blobs,
attestations
and
generally
things
that
are
stored
within
an
oci
registry.
So
you
can
sign
Keys
using
this
keyless
technology
that
we
have,
where
you
have
these
informal
keys,
but
you
can
also
use
local
keys
or
you
could
integrate
with
a
KMS
a
key
management
solution
at
the
various
Cloud
providers.
A
Likewise,
you
could
use
something
like
PK
pkcs11
or
a
UV
key.
So
what
is
you
know?
How
does
sigster
relate
to
kubernetes,
so
you
can
sign
containers,
you
can
generate
attestations
of
containers,
you
can
sign.
K8S
manifests
okay
and
then
these
are
realized
in
the
form
of
some
sort
of
a
mission
controller.
So
we
have
our
own
admission
controller
in
six
store.
Another
one.
A
That's
quite
popular
is
a
project
called
kyverno,
okay
and
then
Sig
release
and
substantial
parts
of
kubernetes
have
standardized
on
six
door
now
to
sign
the
images
that
it
produces
into
sinus
bombs
and
so
forth.
So
I'm
going
to
do
a
demo.
It
could
go
wrong
if
it
does.
If
it
works,
give
me
some
Applause
that
would
be
appreciated
if
it
doesn't
show
me
A
Bit
of
Sympathy,
you
say:
oh,
you
know
it's
demos.
You
know
they
don't
always
work
right.
A
A
A
A
So
we
commit
that
now
now
I've
committed
some
changes.
What
that
means
is
that
in
the
background
we
can
see
a
GitHub
action
is
kicked
off,
so
we're
going
and
jump
in
and
look
at
that
you
can
see
it's
essentially
a
building,
pushing
a
container
image
and
then
it's
signing
it
with
with
our
cosine.
But
the
interesting
thing
is:
if
we
look
at
that
part
you'll
see
that
it
actually
says
I,
don't
know
if
you
can
see
that
generating
ephemeral
keys,
so
a
key
pair
is
created
for
a
very
short
time.
A
A
So
you'll
notice
I'm
an
incredibly
good
typer
I,
don't
even
have
to
look
at
my
screen
most
of
the
time,
so
I've
got
a
very
long
command
here,
we're
using
a
the
recore.
This
is
the
transparency
log,
the
CLI
tool
that
we
have
I'm
pulling
out
some
Json
I'm
chopping
out,
various
key
values,
I'm
decoding
the
base64
payload
and
then
we're
going
to
end
up
with
an
x509
certificate.
Okay.
A
So
if
we
look
at
that
now,
interestingly,
what
you'll
see
is
that
there
is
a
full
path
to
the
GitHub
workflow
okay,
and
we
can
also
see
the
repository
where
the
container
was
built.
Now
to
do
this.
We
have
this
very
elaborate
process
that
happens
in
the
background.
We
leverage,
github's,
open
identity,
connect,
okay
and
they
will
sign
something
called
Scopes,
and
these
are
scopes
that
essentially
give
us
details
about
the
workflow
okay.
So
we
can
verify
these
Scopes
have
come
from
GitHub,
because
GitHub
generates
an
ID
token.
A
We
then
put
these
into
the
software
sign-in
certificate.
The
x509
certificate
that
you
see
here.
This
is
then
stored
into
the
transparency
log.
Okay,
so
effectively
you
have
guarantees
around
the
source
of
origin.
Here
you
have
cryptographic,
guarantees
that
are
very
reliable,
I
mean
somebody
will
normally
say,
oh
yeah,
but
what,
if
GitHub
get
hacked
well
if
GitHub
gets
hacked,
we're
all
in
trouble?
Put
it
that
way
so
generally,
these
are
very
good
guarantees
and
you're
not
having
to
manage
any
sort
of
long-term
key
here.
A
Okay,
so
if
I'm
going
to
just
quickly
show
we've
got
an
admission
controller
running
here:
okay
and
then
I
have
an
image
policy.
So
we
look
at
this
image
policy
at
the
bottom
here
you'll
see
we
have
our
good
kcd,
UK,
workflow,
okay,
so
we're
saying
the
container
must
have
been
generated
in
this
workflow
for
it
to
be
allowed
admission
to
the
kubernetes
cluster.
A
So
what
I'm
going
to
do?
First
of
all,
is
I'm
going
to
apply
that
to
our
namespace
I'm,
then
going
to
try
and
run
a
bad
image.
So
note
KDC
UK,
so
it
all
goes
well.
That
will
be
rejected.
So
you
see
the
expected
is
kcd
UK
and
the
received
is
KDC
UK,
so
you've
effectively
blocked
some
sort
of
typo
type
attack
there.
Likewise,
if
I
try
to
run
any
image,
that's
not
signed,
you
can
see
it
rejects
that
because
there's
no
signatures,
whereas
if
I
run
the
good
one.
A
A
A
Okay,
so
that
is
pushed
now.
What
I
need
to
do
is
I
need
to
quickly
make
this
image
public
now
there
currently
is
no
API.
That
I've
found
to
do
this
so
I'm
just
going
to
do
that
on
the
UI,
so
k,
c
d:
u
k
Alpine
switch
that
to
public,
because
it's
obviously
going
to
run
on
a
cluster
okay.
Now,
if
I
try
to
run
that
now,
would
it
work?
No,
it
wouldn't
because
it's
not
being
signed
okay,
so
it's
rejected.
A
So
what
I'm
going
to
do
now
is
I'm
going
to
assign
it
as
a
human
okay.
This
is
going
to
be
what
we
call
it
an
attended
sign
in
previously
it
was
unattended.
It
was
a
build
system,
so
I'm
going
to
just
quickly
load
a
new
manifest,
and
if
we
look
at
this
manifest
you'll
see
that
I'm
requesting
that
it
be
signed
by
an
email
address.
So
we
can
sign
container
with
email
addresses,
so
I'm
going
to
apply
that
policy
quickly
and
then
I'm
going
to
use
cosine
the
tool.
Okay.
A
Now,
if
you
notice
I,
do
not
have
any
Flags
the
passing
the
private
key,
so
there's
no
private
key
at
all
here.
Okay
run
that
it
just
gives
me
a
little
bit
of
a
warning
about.
This
is
going
to
go
into
a
public
transparency
log
and
then
bang
a
screen
pops
up
okay.
So
this
is
an
open
identity
connect
session.
So
what
I'll
do
is
I'll
log
in
with
Google
I'm
going
to
use
my
sixstore.dev
address
and
we
can
see
six
door
off
was
successful.
A
A
Okay,
we've
got
the
very
long
command
again
and
this
time
we're
going
to
kick
it
out
into
a
client,
email
pen.
So
it's
the
next
509
certificate.
So
if
we
take
a
look
at
that,
you
can
see
it's
been
signed
with
my
email
address.
Okay,
now
that
email
address
wasn't
for
me
that
came
from
Google
effectively,
so
we
have
guarantees
that
whoever
was
in
charge
of
my
Google
account
signed
that
container
now
my
account
might
have
been
hacked,
but
it's
in
the
transparency
log.
A
So
I
can
now
monitor
that
log
for
people
signing
things
as
me:
okay
and
then
you
can.
You
can
build
policy
around
these
sorts
of
things.
You
can
request
that
it
has
this
source
of
origin.
It
should
have
been
created
within
this
repository
and
it
should
have
been
signed
by
two
three
people.
Okay,
so
you
can
sort
of
build
a
layers
of
policy
on
top
of
this,
so
what
I'll
do
now
is
I'm
going
to
try
and
run
the
image
again
and
do
you
reckon
this
will
work
yeah?
A
So,
let's
just
conclude
here:
how
are
we
doing
for
time?
Five
minutes?
Great
okay,
so
just
just
to
round
up
six
I'll
give
you
some
more
details
because
I've
actually
finished
a
bit
quicker
than
I
thought
of.
If
you're
interested
in
sigster
go
to
six
store.dev.
Okay,
that
tends
to
be
our
main
portal
in
there.
You'll
find
all
the
details
of
the
projects.
You'll
find
how
to
reach
our
GitHub.
How
to
join
our
slack
workspace,
where
you
can
ask
questions
about
six
store,
you'll
find
all
of
the
projects
there.
A
We
have
some
good
docs
that
have
been
built.
It's
a
very
big
Community.
We've
had
over
500
contributors
work
on
the
project
over
20
different
organizations
like
I,
say
we're
seeing
rampant
adoption
in
npm
starting
to
work
on
getting
this
landed
into
rust
and
Java,
so
Maven
Central
are
going
to
start
using
Sig
store,
so
there's
been
a
lot
of
activity
around
the
project,
but
there's
room
for
lots
more
people
to
get
involved,
as
this
is
a
UK
event.
A
I
wanted
to
say,
I'm
open
to
mentoring,
doesn't
matter
that
if
we
work
for
different
companies,
if
anybody
wants
to
talk
about
their
growth
as
an
engineer,
I'm
always
welcome
to
have
a
virtual
coffee
with
somebody,
and
we
can
do
that,
and
and
thanks
to
the
committee
for
kindly
having
me
along
to
the
talk
and
to
the
sponsors
for
putting
this
event
on
and
have
a
great
couple
of
days.
Everybody
thank
you.