►
From YouTube: TGI Kubernetes 179: Project Sigstore
Description
Taking a look at cosign, fulcio, and rekor
A
Good
afternoon
everybody
and
welcome
to
today's
tgi
kubernetes.
Today
we
have
a
supply
chain
security,
inspired
episode,
still
focused
on
kubernetes,
but
all
the
exciting
projects
we
have
going
on
in
the
space.
I've
got
a
couple
of
great
guests
here
with
me.
Today:
we've
got
matt
and
scott,
so
welcome,
but
I'll
give
you
each
a
chance
to
do
a
quick
introduction.
B
Okay,
hey
I'm
scott
nichols
former
vmware
new
founder
of
chain
guard
we're
new
startup
trying
to
focus
around
supply
chain
security
and
matt.
C
Hi,
I'm
matt,
also
formerly
of
vmware
before
that
google,
before
that
microsoft,
also
one
of
the
founders
of
chainguard,
doing
supply,
chain
security
stuff
around
projects
like
the
ones
we'll
be
talking
today
and
salsa
sig
store
and
a
few
others.
A
Cool
well,
it
is
a
privilege
and
an
honor
to
have
you
here.
I
don't
think
that
matt
remembers.
The
first
conversation
I
had
with
him
was
a.
We
had
an
internal
group
talking
about
how
to
build
containers
and
this
guy
matt,
who
I'd
never
heard
of
before
started
presenting,
and
he
just
starts
as
he's
going
along
casually
mentioning
there's
this
co-thing
and
there's
this
gtr
thing
and
there's
this
k-native
thing
and
like
all
these
things
he's
like,
and
I
started
like.
A
I
started
these
and
I'm
like:
where
did
this
guy
come
from?
Why
I've
never
heard
and
it's
it
was
mostly
me
being
oblivious
to
all
of
the
the
things
matt
had
done,
rather
than
the
the
notoriety
of
it,
but
that
was
how
I
first
first
met
matt.
So
I
asked
him
some
some
really
basic
questions
and
now
we're
gonna
repeat
that
again
today
I
can
ask
him
and
scott
some
some
super
basic
questions
about
supply,
chain
security
and
everything
else.
A
So
for
all
of
you
joining
us,
it's
a
weekly
tradition
to
let
us
know
where
you're
tuning
in
from
I
see.
We've
got
some
people
from
the
netherlands.
People
from
scottsdale,
I'm
assuming
arizona
columbia-
I
am
in
we've-
got
chile,
northern
california,
I'm
in
chile
minnesota.
So
it
might
be
a
little
bit
colder
than
northern
california,
but
it
depends
on
your
elevation.
I
guess
germany,
brazil,
it's
awesome
to
see
people
tuning
in
all
over,
so
all
right
with
that.
A
Let's
take
a
look
at
the
week
in
review,
so
not
a
whole
lot
going
on
in
the
world
of
see.
If
we
can
show
the
notes
here
in
the
world
of
kubernetes
the
other
week,
1.23
came
out
and
there'll
be
a
tgiq
tgik
on
that
first
thing
next
year.
The
big
thing
on
everybody's
mind
is
the
call
for
proposals
for
kubecon
eu
closes
tonight
at
the
second
before
midnight
pacific
time.
So
if
you
haven't
got
your
cfp
in
yet
everybody
is
looking
for
a
company
sponsored
trip
to
valencia.
A
Spain
so
definitely
get
those
proposals
in
also
have
a
link
for
an
article
in
here
kind
of
walking
through
some
of
the
cool
new
dual
stack
stuff.
If
you
want
to
be
able
to
connect
to
services
in
aws,
using
ipv4
and
or
ipv6,
there's
a
little
bit
of
extra
to
go
through
there
and
then
log4j
everybody's
heard
about
this
probably
sneak
put
together.
This
really
awesome
github
repo
with
a
ton
of
sources
on
this
there's
information
about
explanations.
What
does
it
mean?
What
software
is
vulnerable
twitter
discussions?
Memes?
C
I'm
just
glad
that
I
dodged
it
by
not
hosting
too
much
in
java,
but
it's
been
pretty,
it's
been
pretty.
I
don't
know,
I
don't
like
I've
been
calling
it
the
worst
vulnerability
that
we've
seen
you
know
in
recent
memory
for
sure,
but
like
it
just
seems
so
exploitable
and
it's
pretty
remarkable
right
that
has
been
you
know
there
for
so
long.
In
effect,.
A
A
Yeah,
I
don't
I
don't
know
anybody
in
the
chat
feel
free
to
help
us
out.
If
you
know
I,
I
know
a
big,
a
big
part
of
the
debate.
I've
seen
as
far
as
like
the
severity
of
the
vulnerability
people
talking
about
like
how
bad
the
code
is
or
the
problem
is
versus
how
easy
it
is
to
exploit
and
that
that's
a
big
part
of
it
right.
It's
like
you,
look
at
you
know
the
conversation
about
the
the
intel
chips,
the
the
vulnerabilities
there
right.
A
Were
like
in
in
the
micro
architecture
of
the
the
chips
themselves,
it's
like
you.
You
can't,
unless
you
make
a
new
chip,
you're
not
going
to
fix
that
right,
but
in
order
to
exploit
the
vulnerability
in
the
chip
itself,
you
have
to
really
know
what
you're
doing
down
to
like
the
assembly
level,
or
something
like
that,
whereas,
like
this,
the
people
making
qr
codes
and
putting
them
all
over
the
place
so
that
when
you
know
some
kind
of
photo
recognition
thing
picks
up
on
it,
they
will
get
owned
by
a
qr
code.
A
So
it's
it
is.
It
is
fascinating
and,
and
dan
had
a
great
great
meme
of
it's
the
worst
one,
yet
the
worst
vulnerability
so
far,
but
I
think
you
know
the
other
thing
that
is
super
interesting
is
this
is
almost
exactly
a
year
after
solar
winds
right.
So
I
think
we've
really
been
thinking
a
lot
more
closely
about
this
over
the
course
of
last
year
and
then
to
just
see
this
is
one
more
thing.
There
will
be
something
else
tomorrow.
A
There
will
be
another
thing
and
that's
that's
the
way
the
this
goes,
but
yeah.
C
B
C
Like
one
of
the
one
of
the
next
ones,
that's
on
here
right,
like
it's,
been
sort
of
the
last
few
days,
scary
vulnerabilities
right,
like
the
log
log4j
log,
forge
whatever.
However,
you
pronounce
it,
I'm
going
to
say
4k,
that's
scary
in
terms
of
the
breadth
and
then
this
next
one
right
like
the
nso
pegasus,
zero
click,
vulnerability
right,
that's
scaring
people
in
just
like
a
whole
new
dimension.
C
In
terms
of
that
how
sophisticated
the
attack
is
and
how
you
know
short
of
like
putting
your
mobile
device
in
you
know,
faraday
cage
forever
and
never
turning
it
on.
You
know:
you're,
not
gonna.
You
know
avoid
getting
exploited
by
those
kinds
of
like
super
sophisticated
attacks.
Super
scary,
I.
B
Think
my
it's
not
an
exploit
per
se,
but
my
favorite
vulnerability
in
this
kind
of
problem
was,
I
think,
samsung
phones
had
a
qr
code
that
would
factory
reset
them
and
somebody
started
printing
those
out
and
sticking
them
in
this
new
york
subway
like
on
posters
because,
like
walk
up
to
the
post
you're
like
interesting,
I
want
to
watch
that
movie
trailer
scan
the
qr
code
and
for
a
lot
of
people.
It
just
opened
a
garbage
page,
but
for
those
special
samsung
devices
insta
wipe
no,
no
checking.
No,
no
anything.
A
Another
interesting
news
in
the
scope
of
supply
chain
security,
open
ssf,
we'll
talk
a
little
bit
more
about
that
group.
The
open
source
security
foundation
anker
is
proposing
to
donate
sift
and
gripe,
which
a
really
cool
set
of
technologies
that
we
talk
about
a
lot
in
the
project.
A
Six
store
slack
because
they've
decoupled
and
separated
out
some
of
the
concerns
of
generating
a
bill
of
materials
versus
leveraging
that
bill
of
materials
to
actually
detect
and
find
vulnerabilities
and
so
they're
proposing
to
donate
those-
and
I
think,
that'd,
be
a
really
great
addition
to
the
emerging
ecosystem.
That's
really
blossoming
inside
of
the
open
source
security
foundation
and
six
door
recently
also
moved
into
openssf,
which
is
a
really
great
home
for
the
the
project.
A
A
There
we
go
breaking
cosine
experimental
this
and
all
future
cosine
releases
will
generate
signatures
that
do
not
validate
in
the
older
version.
So
I
think
this
is
about
being
able
to
get
the
keyless
out
of
experimental
mode
right.
We
want
to
kind
of
move
past
that
and
be
able
to
use
it
by.
A
I
don't
know
if
by
default
is
the
right
way
to
phrase
it,
but
at
least
use
it
without
experimental
flags
and
some
other
piv
key
stuff,
which
is,
if
you
want
to
use
yubikeys
or
other
things
like
that
for
signing
and
releases
are
now
additionally
signed
using
the
keyless
flow.
So
it's
cool
to
see
a
cosine
being
signed
by
cosine.
C
So
I
guess
one
other
thing
that
we
can
call
out.
It's
not
I.
I
don't
know
whether
this
was
called
down
on
a
previous
cgik,
but
it's
it's
related
to
cosine
and
one
less.
It's
probably
worth
shouting
out
here,
anyways
in
the
last.
I
think
this
was
like
two.
Maybe
three
weeks
ago
now
sense
of
time
has
distorted
a
bit,
but
the
github
action,
starter
workflow
for
container
builds,
landed
support
for
cosine
keyword,
signing
by
default,
so
github.
A
C
Launch
this
support
for
producing
identity
tokens
for
the
workflow
that
you
run
as
and
this
works
for
merge
requests
cron
as
well
as
workflow
dispatch,
a
bunch
of
them.
It
doesn't
work
with
pr
flows,
because
you
know
you
don't
want
to
hand
out
credentials
pr
flows,
but
for
other
flows
you
can
generate
identity
tokens
and
then
you
can.
C
Identity
tokens
as
part
of
this
keyword
flow
with
project
six
store
to
sign
things,
and
so
the
starter
action
for
container
images
that
does
a
build
and
push
of
a
container
image
for
your
github
repo
now
supports
you
know,
has
the
identity,
token
permission
and
will
sign
things
with
cosign
after
it's
published
the
image,
which
is
super
cool,
because
now
you
know
when
you
start
to
use
containers
with
github
actions,
you're
set
up
to
also
start
signing.
C
Those
with
information
about
you
know
which
github
workflow
produced
that
container
image
so
and
one
of
the
things
that
landed
in
1.4
in
support
of
that
was
before
we
had
this
prompt
that,
like,
if
one
of
the
aspects
of
doing
keyless
signing
is
publishing
information
to
a
transparency
log
so
that
you
can
audit.
You
know
who's
signing
what
has
different
identities
and
by
default.
Cosign
will
not
publish
to
that
transparency
log,
which
is
public
for
private
images,
and
so,
but
it
would
prompt
you
if
it
detected.
C
The
image
was
private
before
it
published
there
and
in
keyless
flows
where
you're
running
as
part
of
a
workload.
Obviously
the
you
know
it's
not.
A
C
So
it's
you
know,
gets
an
eof
immediately,
and
so
it
was
cosine
was
panicking
prior
to
1.4.
So
we
couldn't
sort
of
enable
this
keyless
sign-in
flow
for
private
repos
in.
B
C
Starter
workflow
before
for
github
actions,
but
now
that
1.4
is
out
and
fixes
that
the
starter
workflow
for
private
images
will
start
to
sign
things
which
is
great
and
you
can.
You
can
have
even
private
and
private
repos
published
to
the
transparency
log.
If
you're.
Okay
with
you
know
the
hash
of
your
image
leaking
out
by
passing
the
force
flag
or
you
can
leave
that
off
and
not
publish
to
the
transparency
log.
A
C
That's
landed
recently
and
folks
should
check
it
out.
It's
awesome
man,
I
don't
know,
maybe
we'll
play
with
an
example
of
that
today.
A
Another
part
of
exciting
stuff
is
artifact
hub
and
a
lot
of
the
work,
I
think,
is
that
andrew
is
doing
around
helm,
charts
and
being
able
to
sign
those,
especially
the
the
oci
version
of
of
helm,
charts
or
orcid
repos
for
helm
charts.
It's
I
mean
we
talk
about
prevalence
of
kubernetes
software.
That's
out
there,
it's
helm,
charts
far
and
away,
I
think,
are
probably
the
most
common
thing.
If
anybody
has
statistics
on
that,
I'd
love
to
see
it.
A
It's
one
of
these
questions,
we're
always
looking
for
in
terms
of
what's
really
being
used
out
there
and
I
think
helm,
shells,
helm,
charts
are
super
popular
and
then
I
think
matt
added
another
cap
for
release.
Artifact
signing.
C
Yeah,
so
I
think
that
just
merged
today
but
yeah
the
cap
3031
to
start
signing,
release
artifacts,
I
believe,
with
cosign,
is
got
merged.
So
yeah
we'll
start
getting
signed,
release.
A
Yeah
one
of
the
things
we
talk
about
a
lot
is
always
secure
by
default
right
and
when
can
we
have?
You
know
something:
that's
gonna
for
signature
verification
enabled
by
default,
when
you
start
up
a
kate's
cluster
or
anything
else
right
and
until
kubernetes
itself
is
signed,
it's
going
to
be
awfully
difficult
to
do.
To
do
that.
So
that'll
be
really
helpful.
C
So,
there's
a
question
in
chat:
what
about
private
attestations?
I
guess
that's
not
advised!
So
that's
a
good
question
I
right
now
the
starter
workflow
isn't
doing
any
sort
of
attestation.
It's
also
not
doing
anything
with
s
bonds,
which
is
another
thing
that
it
could
potentially
look
at.
I
let's
see
so
cosine
of
this
yeah,
so
so
for
for
folks
that
aren't
familiar
they're
sort
of
layers
to
what
what
you
really
want
to
use
signing
for
right.
C
So
in
the
simplest
sense,
science
signing
is
a
way
of
sort
of
you
know
saying
you
know
I
I
produced
this
thing
right,
and
so
you
know
a
form
of
it
that
people
are
really
familiar
with
is
well.
Probably
developers
are
somewhat
familiar
with,
or
things
like
git
commit
signing,
which
you
know
the
person
who
signed
that
commit
you
know
in
is
sort
of
saying
you
know
I
I
produce
this
and
if
you
can
verify
their
identity
with
the
key
system,
then
you.
C
The
verified
box
on
github,
keys
off
of
and
things
like
that
so
stations
so
signing
things,
isn't
the
goal
right.
The
goal
is
to
enable
so
yeah
it's
signing
sort
of
like
authentication,
and
you
want.
What
do
you
want
to
use
that
authentication
for
right?
You
want
to
use
that
authentication
to
authenticate.
You
know
making
claims
about
a
thing
right.
I
produce
this,
which
is
the
sort
of
naked
signature
use
case
is
probably
the
simplest
thing,
but
really,
like
you
know,
say
scott's
producing
something,
but
I.
C
C
In
get
today
for
me
as
me
as
the
reviewer
of
say,
scott's
pr
to
you
know,
sign
metadata,
saying
I
approve
of
this
right.
That's.
C
Systems
like
did
have
layer
on
top
of
it,
and
there
aren't
really
ways
for
systems
to
sort
of
attach
information
to
at
least
not
well
standardized
ways
of
attaching
metadata
to
commits
that
are
signed
by
identities.
A
C
Than
the
commit
author,
and
so
this
is,
where
attestations
sort
of
come
in
right,
so
attestations
are
a
way
of
building
on
top
of
the
idea
of
signing
to
make
claims
about
things,
and
so
so,
let's
see
so
back
to
the
question
about
cosine
of
tests
and
the
transparency
log
stuff.
I.
B
C
Would
say
you
know
the
the
bits
about
sort
of
what's
what's
uploaded
to
the
transparency,
log
and
whatnot,
I
think,
are
pretty
similar
between
whether
you're
signing
the
claim
or
signing
the
image.
I
don't
think,
although
I
haven't
looked
too
deeply,
I
don't
think
any
additional
information
would
be
leaked
to
the
transparency
log
with
the
cosine
of
test
flow,
but
I
I
could
be
mistaken
there,
but
so
I
think
that
it
would
be.
C
So
hopefully
that
answers
the
question
as
well
as
give
some
insight
into
sort
of,
I
think
where
we
sort
of
went
ahead
with
this
idea
of
making.
C
A
Yeah
a
lot
to
dig
into
there
and
I
think,
there's
a
lot
of
different
ways
to
attest
to
things
and
a
lot
of
different
meanings.
People
can
assign
to
attestations.
So
we
can.
We
try
and
take
a
look
at
some
of
those
things
as
we
as
we
start
getting
into
the
the
live
action
and
the
demo
stuff.
So
one
of
the
other
things
you'll
hear
us
chat
about
today
is
salsa
and
operation
salsa,
a
really
awesome
set
of
youtube
videos.
A
Part
two
is
coming
soon:
I'm
not
gonna
open
the
links
for
for
these.
I
promise
they're,
not
rick
roll
videos,
but
you
can
also
just
google
operation,
salsa
and
aligned
with
that.
We've
got
a
brand
new
salsa
website.
So
salsa
is
what
is
salsa
supply,
chain
level,
art
supply
chain
levels
for
software
artifacts.
There's
some
really
good
videos
about
this
from
the
supply
chain,
security
con
as
well.
A
That
happened
at
the
last
co-located
event
with
the
last
kubecon,
where
I
think
priya
and
some
other
folks
go
through
all
of
the
the
things
we're
working
on
here.
The
big
thing
is
you
look
at
the
supply
chain
problem?
You
basically
have
these
the
high
level
steps,
and
not
only
are
the
steps
themselves
vulnerable
to
compromise.
Every
link
in
between
the
steps
is
vulnerable
to
compromise,
and
so
with
salsa
you
can
build
up
different
levels
of
assurance
and
so
kind
of
starting
with
level
one
two
three
four.
A
I
haven't
gone
through
all
the
stuff
on
this
new
website,
but
already
looking
at
it.
It
looks
awesome
so
and
then
there's
specifications
for
each
level
which
go
from
no
guarantees
very
low
level
to
eventually
level
four
is
going
to
be
super
strict
and
potentially
impossible
today
to
actually
achieve,
depending
on
on
who
you
talk
to
and
how
you
interpret
it.
However,
I
know
we
were:
we've
been
working
on
the
supply
chain,
security,
reference
architecture
in
the
cncf
six
security
working
group.
A
For
that,
in
between
the
time
we
started
the
reference
architecture
and
the
the
review
version.
That
is
right.
Now,
new
tools
have
been
created
that
didn't
even
exist
when
we
started
it.
So
whether
or
not
you
can
achieve
salsa
for
today
doesn't
really
matter
because
by
tomorrow
the
answer
will
be
different
and
we'll
get
closer
and
closer
to
being.
Yes,
for
every
opinion,
as
as
time
goes
on
so.
A
And
the
other
important
part
I
think
about
salsa
is
not
just
that.
There's
this
idea
out
there
and
there's
this
thing
that
people
are
talking
about,
but
we're
actually
seeing
different,
really
important
infrastructure
projects
to
talking
about
adopting
salsa
as
a
standard
for
how
to
communicate
to
the
consumers
of
their
software,
that
it
is
secure
and
so
kubernetes
itself
and
k3s
as
well,
are
looking
at
proposals
to
become
salsa
compliance
at
different
levels.
A
And
if
anybody
out
there
is
thinking
about
doing
this,
I
know
there's
a
lot
of
people
who
are
interested
in
helping
you
out
and
there's
on
the
salsa
dev
website.
There's
information
about
how
to
connect
with
the
community
there,
the
you
know
the
starting
point
of
level.
One
offers
a
whole
bunch
of
assurances
that
you
should
be
able
to
do
and
that's
a
that's
a
great
place
to
start.
So
you
definitely
should
not
be
afraid
to
start
there.
If
it's
something
you
want
to
do.
A
C
Start
somewhere,
yeah
and
if
folks
are
interested
in
learning
more
about
that
or
you
know
bandwidth
permitting
getting
some
help
on
some
of
the
early
steps.
There
definitely
reach
out
if
you're
you're
involved
in
an
open
source
project
that
you
know
wants
to
improve
its.
You
know
its
salsa
level.
We
can.
Hopefully
you
know
point
you
at
resources
or
potentially
you
know,
help
a
bit
there.
C
A
Cool
all
right,
so
that's
all
the
news
we
have
for
the
week
a
lot
of
news,
a
lot
of
exciting
stuff
in
the
supply
chain,
security,
space
and
pretty
much
everything
we
talked
about
is
related
to
containers
which
is
and-
and
I
think
kubernetes
as
well.
A
So
this
is
one
of
the
things
that's
like
the
intersection
and
the
overlap
of
where
this
space
is
improving,
I
think,
is
heavily
aligned
with
with
kubernetes
and
containers,
but
there's
still
a
lot
of
workloads
out
there
that
are
not
on
case
or
containers
and
and
that's
part
of
the
reason
why
maybe
we
get
into
a
little
bit.
You
know
we
finally
got
to
the
agenda.
What
is
six
store?
I
think
one
of
the
things
that's
important
to
to
like
recognize
the
six
store.
A
Well,
this
is
not
the
not
the
right
link,
but
six
store.dev,
we'll
update.
That
is
not
part
of
cncf,
which
is,
I
think,
an
important
thing
to
understand
in
terms
of
really
they
want
to
be,
as
it
says
right
here,
a
big
big
letter,
new
standard
for
signing,
verifying
and
protecting
software
doesn't
have
to
be
containerized
software.
A
It
doesn't
have
to
be
software
that
only
runs
on
kubernetes
software,
even
like
we
can
talk
about
that
right,
like
we're
talking
about
the
code
of
software
potentially
being
able
to
sign,
commits
being
able
to
sign
the
artifacts
that
are
produced
and
built
being
able
to
sign
sign,
different
stages
throughout
there.
B
C
Yeah,
really
it's
it's
all
about
making
signing
easy
and
we're
talking
to
folks.
You
know
we're
interested
in
extending
you
know
we're
we're
coming
from
the
cloud
native
space,
so
we
have
our
own
biases
towards
containers
and
stuff.
Like
that,
I
am
a
super
nerd
when
it
comes
to
things
like
containers,
I
try
to
keep
it
secret
from
folks
like
john
so
today,
but
we've
got
we've
got
folks.
Who
are
you
know?
Looking
at
you
know
pick.
B
A
C
Management
system-
and
there
are
folks
who
you
know,
are
looking
at
how
to
integrate.
You
know
the
six
course
signing
into
you.
Know
those
systems
and
you
know
make
it
really.
You
know
as
easy
as
I
think
we've
tried
to
make
it
for
container
images
so
yeah.
It's
definitely
not
just
about
containers.
B
A
A
Yeah-
and
I
think
another
important
part
to
call
out
here,
looking
at
the
co-
you
know
in
collaboration
with
section
here,
we've
got
a
really,
I
think,
a
good
list
of
companies
that
are
involved.
I
think
we're
all
on
the
call
biased
here,
because
we
are
part
of
company.
You
know
we
think
this
is
really
important
and
I
think
there's
seeing
besides
just
the
folks
representing
on
this
tgik.
You
know:
google
and
red
hat
and
universities
involved
the
linux
foundation
itself,
hpe
cisco.
A
It's
really
important
to
have
this
broad
industry-wide
recognition
that
this
is
a
great
way
of
solving
this
problem
and
then,
more
importantly
than
that,
looking
at
465
plus
members,
20
plus
organizations,
not
everybody
has
the
money
to
sponsor
this,
but
there's
a
ton
of
people
participating
and
getting
involved
in
the
six-door
slack
every
day.
I
see
a
message
from
someone
new
from
some
company
that
I
never
even
knew
was
using
any
of
the
six
store
technology.
A
You
know
post
a
link
to
their
their
company's
github
repo
or
something
else
where
they're
using
cosign
or
vulsio
or
recore
in
different
ways.
So
that's
really
really
cool
to
see.
A
So
we
can
kind
of
see.
I
think
we
talked
about
a
lot
of
the
stuff
here
and
one
of
the
things
you
know
we'll
talk
about,
why
sig
store
and
what
makes
six
store
different.
I
think
this
is
where
we
kind
of
get
into
a
little
bit
automatic
key
management,
the
transparent
ledger,
so
that
I
think
these
are
pretty
much
references
to
full
co
and
recore
and
we'll
dive
into
those
projects
specifically,
but
maybe
matt
or
scott.
A
Anything
in
particular
to
you
that
you
know
signing
is
not
a
new,
a
new
thing
we
had
notary
we've
had
v1,
we've
got
other
proposals
out
there
as
well.
We
have
gpg
for
a
long
time
right
and
they
have
not
been
widely
adopted.
They're
not
widely
used.
It's
not
not
really
like.
We
didn't
invent
new
versions
of
cryptography
or
new
math
or
anything
else
to
like
to
sign
this
stuff.
So
what
what
is
being
done?
That's
different.
That
makes
this
that
makes
six
store
matter.
C
Yeah
so
well,
I've
been
talking
a
lot.
I
don't
know
if
scott
wants
to
talk.
B
The
short
version
is
so
sig
star
is
trying
to
do
what,
let's
encrypt
it
for
https
right.
B
You
could
get
a
cert
five
years
ago
and
and
it,
but
it
involved
like
emailing
somebody,
your
credit
card
number
and
then
like
getting
the
cert
back
in
the
in
your
email
and
then
like
uploading,
that
to
your
website
or
whatever,
and
then
hope
that
you
remember
to
do
that
whole
thing
in
a
year
when
it
expires,
and
so
as
a
result,
only
a
handful
of
websites
were
secured
and
let's
encrypt
came
along
and
said
you
know
what
let's
make
it
super
easy
in
a
public
service
to
go,
get
a
certificate
to
encrypt
your
website
and,
as
a
result
like
95
of
the
web,
is
now
https
right
and,
in
fact,
like
chrome
makes
you
jump
through
hoops
to
visit
a
non-age
to
dvs
site,
and
so
I
think
sigstor
is
attempting
to
do
that
same
level
of
difficulty
for
container
signing
or
artifact
signing
or
blob
signing,
because
it's
too
hard
today
right,
we're
not
it's.
B
Let's
krypt
didn't
invent
anything
new.
They
just
assembled
the
pieces
to
make
it
right.
Sorry
they
invented
the
very
little
right
like
they
didn't
read,
discover
encryption
or
certificates.
They
just
exposed
it
in
a
way,
that's
friendly
for
website
developers
and
so
six
stars
doing
the
same
thing,
but
but
for
signing.
C
Yeah
so
I
mean,
I
think,
the
two
key
things
right
are:
it
was
hard
and
it
was
expensive
to
do
things
with
tls
before,
let's
encrypt
and
now
it's
you
know
easy
and
free
which
it's
you
know
hard
to
hard
to
compete
with
that
right.
So
I.
C
Signing
is
sort
of
in
that
same
sort
of
state
today,.
C
Keys
is
harder
than
it
should
be,
and
you
know
the
systems
that
manage
those
keys
are
often
very
very
expensive.
So
you
know
the
things
like
full,
ceo
and
whatnot
are
trying
to
do
that.
What
what
let's
encrypt
it
and
make
it
easy,
and
you
know,
free
or
as
close
to
free
as
we
can
make
it
before
the
sort
of
public
good
instance
to
get
folks
signing
things,
because
you
know
in
the
container
space
like
what?
What
percent
I
mean.
I
think
it's
probably
even
worse
than
https
on
the
web.
C
Don't
even
have
a
mechanism
for
signing
things
right,
and
so
you
know
some
of
those
conversations
are:
how
do
we
build
a
signing
mechanism
into
our
packaging
system
so
that
we
can
adopt?
You
know
six
store
and
the
related
technologies.
A
C
C
There's
a
lot
of
things
so
when
I
was
you
know
making
gestures
at
scott
when
he
said,
let's
encrypt
them
and
then
anything,
I
think,
from
a
sort
of
pki
perspective,
public
key
infrastructure-
let's
encrypt
in
you,
know
no
new,
cryptography
and
whatnot,
as
as
john
was
saying
one
of
the
things
that
you
know
did
come
out
of.
C
Or
an
alpn01
challenge
to
you
know
satisfy
you
know,
proving
that
you
own
the
domain
that
you're
asking
for
a
cert
for-
and
you
know,
depending
on
the
type
of
challenge
you
can
get
different
types
of
certificates
out
of
it
right.
So
this
is
one
of
the
places
that
fulcio,
you
know
is
learning
a
lot
from
what
let's
encrypt
did
and
there's
an
identity
challenge
process
that
you
go
through
with
fulso
to
prove
you
are,
who
you
say
you
are,
and
you
know
then.
A
C
You
know
your
key
is
linked
into
a
certificate
chain
to
a
root.
So
again
no
new
sort
of
pki
here
right.
It's
still,
you
know
key
pairs,
you
know
it's.
I
think
the
idea
of
certificate
chains
being
involved
in
signing
is
relatively
new
to
the
context
of
signing.
But
it's
all
a
very
you
know
well
understood
you
know.
B
C
Technology,
so
so
yeah.
C
A
Cool
yeah,
I
think,
there's
some
some
some
great
diagrams
and
things
to
walk
through
here
and
you
can
see
the
different
flows
and
the
root
of
trust.
We'll
maybe
talk
a
little
bit
more
about
that
when
we
get
to
looking
at
at
full
co,
but
maybe
now,
let's
just
double
check,
I
think
let's
go
ahead
and
try
and
sign
something
see
see
what
we
can
do
so.
The
first
thing
we
should
do
is:
if
I
look
I
I
do
not
have
cosine
so
I
I
need.
A
A
Yeah
girl
curl
pipe
bash.
What
is
the,
what
is
the
github
is
always
the
the
most
secure
place
to
get
stuff
right,
six
door
cosign,
and
we
just
do
I
just
download
a
release.
Does
it
give
me.
C
I
think
there's,
I
think,
there's
I
think,
there's
a
brew
package.
A
All
right,
yeah,
let's
see
if
brew,
works
on
this
machine.
One
thing
I
didn't
mention
that
I
should
have
is:
I
am
in
management,
so
as
an
engineering
manager,
nothing
on
my
laptop
may
work
we'll
see
what
happens.
I
do
have
minicube
running
so
I
sorry
at
least
figured
out
some
mechanism
for
getting
kubernetes
installed.
I
have
brew.
It's
it's
updating
homebrew!
I
should
have
done
that
before,
while
while
we
were
waiting,
but
we
will,
we
will
see
what
happens
here
yeah.
What's
I.
B
A
A
A
C
It
might
be
as
good
as
you're
gonna
get
right
now.
I
don't
know
if
they've
started
signing
with
cosign,
but
they
could,
because
I
heard
they
moved
a
lot
of
the
their
build
packages
to
ghcr
so
they're,
using
oci
to
store
a
lot
of
things
that
aren't
necessarily
containers
which
is
cool.
But
you
know
given
cosine
strong
support
for
oci.
C
A
There's
that
got.
C
You
can
also
you
can
also
try
and
verify
the
checksum
against
whatever
your
platform
architecture
are
from
the
release
page,
I'm
guessing.
There
are
some
checksums
on
there,
but
I
don't
work.
So,
let's
see.
C
Yeah,
there's
also
there's
also
signatures
for
a
lot
of
this
stuff
on
that
get
uploaded
as
well.
I'm
just
looking
at
the
mountain
of
things
that
we
attach
to
releases.
C
That
looks
like
fallout
6,
so
yeah,
so
one
speaking
of
like
non
oti
things
so
go
releaser
in
one
of
their
most
recent
hot
off
the
press
releases
added
support
for
doing
keyless
signing
as
part
of
releasing
go
binaries
right.
So
I
think
that
may
be
part
of
what.
C
Yeah
so
go
release
your
added
support
for
signing
as
part
of
the
go
release
process.
We
tried
to
get
github
to
add
a
starter
workflow
for
that,
but
unfortunately,.
B
A
C
You
know
convince
them
at
some
point,
but
unfortunately
we
couldn't
do
that,
but
but
yeah
check
out
the
go
releaser
support
for
cosine
as
well.
If
you're
just
releasing
go
binary,
I
think
that
may
be
what
we're
using
here
for
the
cosine
releases.
C
So,
let's
see
so,
let's
see
so
there's
now
so
cosine
verify
is
expecting
a
container
image
name.
So.
B
C
B
Okay,
so
gcr.io.
C
Project
sig
store
cosign
is
the.
Where
images
are
the
actual
release?
Images
are
so
you
can
say
so,
cosine
verify
if
you
say,
gcr.io
slash,
project
sig
store.
Let
me
just
make
sure
that's
right.
Yeah
project,
sig
store
all
lower
case,
no
punctuation
and
then
slash
cosign
and
then
well.
You
know
just
a
couple
more
so
so
this
is
gonna.
Do
the
keyless
verification?
C
C
Right
equals
true,
so
that
should
work,
you
can
add
colon
v
1.4.1
and
that
will
do
a
keyless
verification
of
the.
C
There
you
go
so
you
can
pipe
this
to
jq
as
well.
If
you
have
gq
installed
just
type
jq
dot,
it
gives
it
a
bit
more
pleasant
yeah.
So
you
can
see
some
cool
metadata
down
at
the
bottom,
so
this
is
who
signed
or
who
signed
this
you
can
see.
The
issuer
was
accounts
like
google.com.
So
this
is
a
google
identity
that
signed
it
and
the
subject
is
keyless
at
project
projectsigstore.iam.d.servicecount.com.
C
So
for
folks
who
aren't
familiar
with
how
google
service
accounts
work,
I
am
service
accounts,
the
project
sig
store
in
the
sort
of
domain.
Part
of
that
email.
C
Like
thing
is
the
project
id,
which
is
the
same
project
id
that
we
have
in
the
container
image
uri
and
then
the
name
of
the
service
account
within
that
project
is
keyless.
I
believe
this
is
using.
I
believe
this
is
using
google
cloud
build
to
produce
the
releases,
so
it's
using
those
to
impersonate
this
service
account
and
do
the
key
with
signing
flow,
which.
C
To
if
you
were
to
do
the
same
thing
with
say
that
one
of
the
distroless.
A
C
Slash
distribution
static,
you,
I
think
you
would
see
keyless
at
dystralis,
so
it's
naming
convention,
it's
nothing.
You
know
you
know
official
or
anything,
but
those
are
sort
of
the
identities
we've
adopted
for
doing
some
of
this
keyless
signing
for
the
things
that
are
going
through
google
cloud
build
so.
A
Cool
so
now
we
have
cosine
we're
fairly
certain
we've
got
a
good
version
and
then
there's
I'm
assuming
a
whole
bunch
of
commands.
Good
grief,
there's
a
few
more
commands
than
the
last
time
I
ran
this.
We've
got
attach
test
clean
completion.
Copy
docker
file,
download
generate
generate
key
pair
help,
I'm
assuming
that's
more
or
less
what
this
is
initialize
load
manifest.
A
So
many
things
I
think,
though-
and
maybe
I
don't
know
if
either
either
of
you
want
to
point
to
like
a
starting
doc.
I
I
think
we
have
to
sign.
We
have
to
generate
a
key
before
we
can
sign
anything
right.
C
Yeah
yeah,
so
I
I'd
say:
let's
start
with
generatekeybear,
which
is
you
know,
that'll
that'll
put
us
in
the
world
of
what
most
folks
are.
You
know,
maybe
doing
today
if
they're
doing
signing
this
will
generate
a
key
pair
locally
that
we
can
use.
So
it
spits
out
two
files
go
sign
that
key
and
cosign.hub
p
is
the
private
key.
So
it's
what
you'd
use
for
sign
in
and
cosign.pub
is
the
public
key.
So
it's
what
you
would
might
check
into
the
root
of
your
github
repo,
don't
check
in
the
directory
file.
C
But
oh
yeah
yeah,
okay!
Well,
you
can
check
this
in
john.
C
So
yeah,
so
we
can
use
this
to
do
some
signing
you
know
and
and
then
verify
it.
So
if
you
have
an
image
you
want
to,
you
know
that
you
do
have
a
container
registry
set
up
that
we
can
play
around
with
this
with.
B
A
Images-
let's
just
get
everybody's
favorite
small
image
alpine
right
and
let
me
see
if
I've
got
make
sure
this.
C
So
it's
definitely
I
I
mean
the
ecr
repo
urls
are
always
the
one
where
I'm
like.
I
gotta.
A
We
got
keychain,
you.
A
This
is
how
you
can
tell
I've
been
in
management
for
too
long,
I'm
getting
props
for
keychain.
A
We
pushed
something
to
the
registry
all
right,
so
our
registry
works
we've
got
an
image
there.
Do
we
need
in
the
registry
before
we
sign
it.
C
So
that's
a
good
question,
so
you
don't
actually
need
so
it's
it's
sort
of
a
subtle
thing,
so
you,
the
image,
doesn't
actually
have
to
exist
in
the
registry
to
sign
it
and
there's
a
mode
and
cosine
where
so,
if
you
set
the
cosine
repository
environment
variable,
you
can
actually
have.
Your
images
exist
in
one
place
and
you
could
say
find
that
thing.
C
But
if
you
set
the
cosine
repository
environment
variable
you
can
redirect,
where
all
of
the
things
that
cosine
would
sort
of
attach
to
that
image
to
a
different
repo.
So
if
you
were
to,
for
instance,
if
you
wanted
to
code
sign
out
the
official
alpine
image,
you
could
do
that
you,
you
just
don't,
have
access
to
push
to
docker
hub
right,
so
you
could
actually
redirect
it.
You
could
say
cosign
repository,
you
know
some
other
docker
name
and
it
would
publish
the
dot
sig
and
dot
at
dot
s
bomb
things
there.
C
So
you
technically
don't
need
to
copy
it
as
you
just
did,
but
I
think
it's
you
know
exactly
where
folks
will
start
so.
This
sort
of
repo
splitting
is
a
more
advanced
use
case.
So
this
is
a
good
first
thing
to
show.
So
there's
been
some
chatter
in
chat.
I
just
wanna
make
sure
you.
C
A
C
So
yeah,
so
the
generate
keypair
thing
you
know
and
having
the
key
and
pulling
right
key
on
disk.
That's
just
sort
of
the
sort
of
kicking.
The
tires
example
there's
a
whole
spectrum
of
different
options.
So
you
can,
you
can
use
key
references
that
are
both
files
locally,
that
are
generated
with
generate
keypair,
there's
also
sort
of
a
uri
based
scheme
where
you
can
point
at
different
kms
systems
or
even
a
kubernetes
secret
to
you
know,
use
keys
from
different
kms
systems.
C
I
think
gcpks
aws,
kms,
azure
kms,
are
all
supported.
Kubernetes
secrets
are
supported,
I
don't
know
whether
or
not
volt
supported,
but
I
would
guess
it
probably
is:
there's
a
there's
also
some
support
for
different
hardware
signing
options
in
there.
You
know
I
don't
mention
before
the
pivky
stuff,
so
you
can
use
some
of
those
mechanisms
as
well
and
then,
in
addition
to
those
there's,
you
know
the
keyless
stuff,
which
you
know.
B
C
Excited
about
that
stuff,
because
it's
so
easy,
but
but
yeah
there
are
support
for
a
variety
of
kms
systems
in
cosine.
If
you
have
issues
file
an
issue
or
reach
out
on
slack,
pretty
active
on
slack.
C
Oh,
no,
I
don't,
I
don't
think,
that's
necessarily
true.
I
don't
think
it
has
to
be
generated
by
cosine,
but
I
am
not
sure
exactly
what
the
whether
there
are
constraints
around
the
types
of
keys
and
supports,
or
anything
like
that.
I
believe
it
supports.
You
know
the
most
common
kinds.
Like
you
know
I
I
can
never
remember
all
of
the
whole
acronyms.
You
know
ecds
and
yeah.
C
But
not
all
of
them
yeah
yeah,
so
I
I
would
certainly
say,
try
it
and
if
one's
missing
like
I
don't
think
it's
that
bad
to
add
them.
But
you
know
famous
last
words:
it's
worth
at
least
filing
an
issue,
and
we
can
you
know,
try
it.
A
Yeah
yeah
and
I
I
did
see
part
of
the
reason
besides
burning
myself
is
you
know
that
actually
says
begin
encrypted,
cosine
private
key?
So
that's
you
know.
The
specific
thing
gets
generated
by
that
the
cosine
generate
key
pair
does
say
cosine.
So.
C
I
yeah,
I
don't
think
we
actually
use
those
for
any
sort
of
semantic
purpose
or
require
it
to
be
a
cosine
key.
That's.
C
The
pen
encoded
thing
shows
up
so
so
hang
on
to
that
digest
before
you
clear
the
screen
or
anything,
because
I'm
a
stickler
for
signing
digests,
not
tags.
So
we
should
definitely
not
just
sign
the
tag.
We
should
sign
the
digest
we
pushed
but
yeah,
so
you
should
be
able
to
pass
the
key
in
with
that
key.
C
And
then
here
you
would
put
cosine
dot
key,
so
this
is
one
of
the
places
you
can
use,
one
of
the
sort
of
urish
things.
I
think
you
can
say
something
like
gcp,
kms,
colon,
slash,
splash
and
then
there's
you
know
a
mechanism
for
referencing
a
key
within
gcp
kms.
You
know.
Similarly
you
can
say
kate's
colon,
slash,
slash,
namespace
secret
name,
and
it
can
use
that
as
either
a
signing
key.
C
C
So
you
can
copy
the
tag
you
push
up
above
we
well,
we
need
the.
We
need
the
tag
bit
first,
so
blah
blah
blah
blah
blah.
C
All
right,
yeah,
so
all
right
so
yeah
you
gotta,
enter
this
and
now
yeah.
So
now
push
the
signature
to
that.
So
do
you
happen?
Do
you
happen
to
have
crane
installed?
Probably
not
so
you
can
say:
yeah!
Okay,
don't
worry
about
it!
C
Okay,
all
right,
yeah,
crane!
So
there's
a
library
that
a
bunch
of
these
tools
built
on
called
we
call
it
ggcr
for
short,
but
github.com,
google
go
container
registry,
it's
really
a
sort
of
an
sdk
for
interacting
with
ci
images,
and
you
know,
while
we
were
building
it,
we
were
like.
Well,
we
don't
want
to
have
to
like
write
code
to
use
all
this
cool
stuff,
and
so
I
I
don't
remember
whether
it
was
jason
or
john
was
like
we're.
Gonna
write.
C
You
know
a
cli
that
just
tries
to
harness
some
of
this
functionality
and
it's
grown
over
time.
But
there
you
go
it's
even
in
brew,
so
you
can
say
crane
ls
and
then
that
reboot
name
and.
C
So
it
basically
tries
to
be
a
bit
of
a
registry
cli
for
things
that
don't
happen
so,
okay,
so
ls
uses
the
tags
list
endpoint
and
you
can
see
we
pushed
the
latest
tag
up
above
and
then
when
we
signed
it.
Basically,
the
way
cosine
works
today
to
maximize
its
compatibility
with
existing
registries.
C
Is
it
pushes
a
little?
You
know,
oci
thing
alongside
the
image
that
encodes
in
the
tag
name
the
hash
of
the
image
it's
signing.
So
if
you,
if
you
were
to
say
crane
digest
on
you,
know
that
same
reference,
you
have
above
yeah
so
that
you
know
e7
blah
blah
blah.
That's
exactly
the
digest
that
the
image
we
just
pushed
so
the
name
of
the
tag,
sort
of
captures
that
that's.
C
C
You
know
we
aren't
relying
on
that
for
semantic
purposes,
we're
relying
on
that,
mostly
as
a
convention
for
discovery.
There's
some
work
in
oci
to
try
and
extend
oci
to
support.
What's
called
references,
that's
been
sort
of
a
long
process
getting
there,
but
I
think
the
working
group
for
that
is
starting
to
you,
know,
get
organized
and
that
will
hopefully
allow
us
to.
C
From
these
sort
of
conventions
to
something
that's
sort
of
more
first
class
within
oci,
but
you
know
having
done
this
for
a
long
time
I
so
I
started
the
gcr
team
at
google,
and
so
we've
been
doing
this
since
v1
of
the
registry
scheme
and
every
time
a
new
thing
came
out.
It
was
years
before
it
was.
You
know,
really
pervasive
right,
so
v2
of
the
registry.
A
B
C
And
you
know
it
took
really
years
before
all
of
the
different
registries
supported
that
schema
two,
so
so
yeah
it
takes
a
while
for
some
of
these
things
to
roll
out.
So
what
cosine
is
doing
today
is
very
pragmatic,
like
okay,
it
works
with
basically
every
single
registry.
I
think
it
works
with
every
registry,
I'm
aware
of
with,
I
think
the
exception
of
quay.
C
The
open
source
quay,
I
think,
has
support
for
it
with
the
latest
release,
but
I
think
the
hosted
key
I,
but
it's
another
one,
I'm
just
gonna
pronounce
it
wrong
and
you
can
make
fun
of
me
on
twitter.
I.
B
C
So
yeah
the
hosted
way,
I
think,
is
a
little
bit
behind.
C
It
but
yeah.
A
Yeah,
I
think
I
was
looking
at
the
the
oci
spec.
The
spec
itself
for
container
images
in
the
last
release
was
in
2017,
so
it's
definitely
yeah.
It
moves
at
a
different
pace,
but
also
the
implications
are
huge
right.
The
consequences
of
all
the
software
in
containers
that
exist
today
we
talked
a
little
bit
about
how
not
all
software
is
containers,
but
there
is
a
lot
of
software
that
you
know
how
many
years
ago
did
gcr
start.
C
So
I
started
gcr,
let's
see
we,
we
started
that
team
right
when
I
came
back
from
paternity
leave
and
my
daughter's
turning
eight
in
january,
so
it'll
be
a
well.
The
team
will
be
eight
in,
I
think,
may
gcr
would
launch
privately
sort
of
towards
the
end
of
that
year
and
publicly
baited
early
the
following
year.
So
early
2015
is
when
I
think
gcr
went
publicly
beta
and
yeah.
A
C
Well,
I
mean
v1
of
the
registry.
Didn't
support
content
addressability,
so
there
were
no
digests,
which
you
know
pains
me,
because
there
are
things
you
know.
I
think
there's
debt
and
kubernetes
and
some
other
places
that
probably
wouldn't
have
been
introduced.
The
way
it
was
introduced.
C
If
you
know
there
were
proper,
digest
support
in
the
early
registry
stuff,
and
it
took
long
enough
to
add
that
some
of
that
stuff
sort
of
baked
in
but
but
yeah
I
I
lost
my
train
of
thought:
yeah,
oh
yeah,
but
the
content
of
disability,
one
of
the
fun
things
about
that
is.
It
makes
sort
of
automatically
migrating
to
newer
formats
hard,
if
not
impossible,
right
so
v1
images.
C
We
could
roll
forward
to
v2
because,
like
people
couldn't
use
a
digest
to
pull
e1
images,
and
so
even
if
we
changed
it
under
the
hood,
which
you
know
we,
we
didn't
actually
change
how
we
were
storing
it
in
gcr
we
just
had
a
smart
serving
layer
that
would
serve
it
as
v2
if
you
wanted
to.
But
you
know,
if
you're
pulling
by
digest,
we
can't
change
what
we're
serving
you
right.
We
have
to
serve.
You
exactly,
but
that.
C
That's
the
nature
of
content
adjustability,
so
it
will
affect
the
ability
to
actually
you
know
upgrade.
A
C
A
B
A
All
right,
so
now
we
sh
we
have
something:
we've
got
it
signed,
should
be
able
to
verify
it.
Yes,.
A
We
probably
don't
want
to
verify
with
the
private
key.
A
C
It's
funny
that
it
prints
that,
but
it
did
not
verify
things
against
full
seal
right
yeah.
Oh
that
looks
like
bud
yeah
and
there
I
mean
we
weren't
using
the
full
seal
roots.
So,
but
we
should
use
the
full.
A
Seal
route:
let's
use
the
full
cover.
Let's
do
that
now
that
I
can't
use
this
private
key
anymore
right,
because
I
printed
it
out
what
are
we?
How
are
we
going
to
assign
this
thing
and
all
we
need
is
cosine
experimental.
C
Yep
yeah,
so
basically
what
this
is
going
to
do
when
you
run
it
is
it's
going
to
generate
a
key
key
pair
in
memory
and
then,
as
you
can
see
it
popped
up
in
a
browser
window.
This
is
sending
john
through
a
300
with
you
know,
there's
a
few
identity
providers
that
are
supported.
So
you
pick
one
of
the
identity
providers.
If
you
go
back
to
your
browser,
so
this
is
prompting
you
so
you
can
pick
yes.
C
Basically,
let's
walk
through,
what's
happened
so
far,
so
cosine
generated
you
can
see
generating
ephemeral
keys
there
at
the
top
of
the
output,
so
it
generated
the
ephemeral
key
and
then
it
basically
wants
to
take
those
keys
and
sign
it
into
a
certificate
chain,
that's
rooted
at
the
full
seo
route.
So
it's
sent
john
through
what
I've
been
calling
an
identity
challenge
right
to
prove
that
john
is
who
john
says
he
is
and
not
just
a
deep
fake.
It's
secretly
joe
beta.
C
And
so
so
now,
folksio
knows
that
you
know
john,
is
john
and
takes
that
ephemeral,
key
pair
and
basically
signs
it,
and
you
know
gives
a
certificate
that
it
includes
a
bunch
of
metadata
that
we'll
poke
at
for
a
second.
But
now
using
that
key
pair
you
can
sign
the
information,
the
image
and
it
can
be
verified.
Even
you
know,
without
that.
C
C
You,
whether
you
want
to
publish
the
signing
about
it
to
the
public
transparency
log,
I'm
pretty
sure
youtube
counts.
As
you
know,
another
short
public
blog,
so
we're
probably
not
leaking
anything
aside
from
troop
writer,
but
so
yeah,
it's
probably
safe
to
publish
that
there
and
you
can
see
a
t-log
entry
created
with
index.
A
C
Yeah,
so
now
what
we
can
do
is
we
can
do
that.
C
So
so
yeah,
so
this
is
super
interesting
well,
so
I
guess
we
already
saw
an
example
of
the
keyless
flow
before,
where
you
know
it
was
being
signed
with.
Google
service
account
identity,
and
you
can
see
the
information
about.
You
know
what
signed
the
the
doctor
references,
the
repo
name,
the
docker
manifest
digest
is
the
digest.
We
sign,
I'm
not
sure,
type
effort
changes.
C
B
Think
the
thing
that's
interesting
about
this
is,
you
know,
just
like:
let's
encrypt
made
https
available
on
the
web
before
that
you,
maybe
if
you
found
a
website
that
was
https,
you
could
kind
of
trust
it
a
bit
better
about
its
legitimacy.
But
now
I
can
make
a
fake.
You
know
bonk
usbonc.com
and
I
could
get
a
cert
for
it
and
I
could
trick
you
into
like
trying
to
log
into
something
right
if
we're
doing
keyless
signing
here.
B
Not
only
do
I
trust
that
the
signature
came
from
this,
the
the
keyless
root,
but
there's
also
this
identity
attached
and
the
identity
now
becomes
the
thing
that
we're
looking
at
rather
than
in
the
previous
example,
you're
validating
against
a
public
cert,
assuming
that
the
private
key
is
private,
so
that
you
kind
of
have
to
establish
that
piece
of
trust,
but
there's
not
necessarily
identity
attached
to
it.
B
You
could
attach
an
identity,
but
by
default
it's
not
there,
but
this
one
gets
identity
and
the
signature
attached,
but
you
can't
necessarily
trust
the
root
in
in
that
the
anyone
can
use
that
same
root.
They
use
this
tool,
but
they
can't
attach
your
identity
to
it.
So
that's
kind
of
what
matt
was
talking
about
where
you
have.
C
C
Yeah,
so
so,
there's
a
few
there's
a
few
different
sort
of
points
to
make
about
this.
You
know
one
of
the
questions
in
chat
was
about.
You
know,
as
the
browser
challenge
one
time
we're
going
to
be
used
to
science
as
john
yeah.
So
it's
it's
a
one-time
challenge
flow.
It's
not
it's
not
doing
a
sort
of
refresh
flow
or
anything
like
that.
So
each
time
we
sign
it,
it
would
send.
C
You
know
humans
through
the
that
three
low
flow
and
one
other
important
aspect
is
the
key
pair
that
is
generated,
the
ephemeral
keys
that
we
saw
it
generating
those
live
for
some
very
short
amount
of
time.
It's
like
you,
know,
10
15
minutes.
Maybe
it's
20
minutes,
20
minutes.
Okay,.
C
Anymore
and
that
well
the
yeah,
the
private
key
is
never
written
to
disk.
It
sits
in
memory,
it's
used
to
sign
it
and
then
it's
thrown
away
so
never
hits
disk
and
then
and
then
a
whole
bunch
of
information
is
then
included
into
the
certificate.
So
if
we
scroll
down
a
little
bit,
we'll
see
john's
email
and
it
was
verified
through
the
google
flow,
so
you
can
see
counseling.com
and
john's
email
there,
and
so
this
is
him
signing
it.
C
Using
the
human
three
three
leg
open
id
flow,
the
you
know,
obviously
the
the
workload
based
signature
we
showed
before
on
on.
I
don't
know
if
we
showed
distro
list,
but
we
showed
it
for
cosine.
It
signed
it
as
a
service
account.
A
C
Yeah
connoisseur,
so
I
don't.
I
don't
know
a
lot
of
the
details
about
connoisseur,
specifically
other
than
it's
an
admission
controller
and
what
is
kind
of
so
it
lists
six
four
cosine
under
what
it
aims
to
support.
But
so
I
I
don't
know
specifically
the
state
of
the
integration
there,
but
I
do
know
that
there's
a
few
different
admission
controllers
that
folks
have
been
using
to
do
verification
of
cosine.
C
With
I
am
pretty
sure
that
you
can
use
opa
gatekeeper
to
do
signature,
signature,
verification
of
cosine
signatures.
Caverno
has
support
for
a
variety
of
cosine
signatures,
attestations
and
s
balms.
I
believe,
and
there's
also
a
sort
of
there's
what
we
call
co-signed,
which
is
an
admission
controller
that
lives
in
the
cosine
repo
itself.
Where
engineers
we're
terribly
naming.
B
A
Yeah
and
there
was
a
a
deeper
dive
on
connoisseur
in
a
general
sense.
I
don't
think
it
was
specific
to
cosine
two
weeks
ago
on
tjik.
I
think
it
was
the
week
we
had
two
episodes,
though
so,
rather
than
being
177.
I
think
it's
actually
176,
because
it
was
the
morning
time
on
that
friday.
So
we'll
put
a
link
to
that
in
the
notes.
Afterwards,.
C
Yeah,
so
I
it
lists
notary
v2
as
planned,
but
there's
no
comment
next
to
the
six
store,
so
it
looks
like
it
should
support
it.
But
I
don't
know
the
details
of
that
yeah.
A
Yeah
and
actually
maybe
maybe
we
can
take
a
a
this-
is
going
to
be
a
selfish
indulgence
for
myself.
I
want
to
take
a
look
at
the
cosigned
real
quick
here.
If
we
look
it's
in
the
it's
in
package,
or
is
it
in.
C
But
the
bulk
of
the
logic
is
in
somewhere
buried
under
pkg,
so
this
so
there's
there's
two
web
hooks
that
the
co-signed
binary
runs.
It's.
It
runs
a
mutating
web
hook
that
resolves
tags
to
digests,
and
so,
even
if
you
pass
tag
references
to
your
deployments
or
your
staple
sets
or
your
pods,
it
resolves
them
to
a
digest
and
then
it
what
it
verifies
is
that
that
digest
is
assigned
and
part
of
the
reason
it
does.
C
That
is
if
it
verifies
what
your
tag
currently
points
to
and
lets
it
through
the
pod
that
spins
up
could
pull
that
tag
and
that
tag
might
point
to
something
completely
different.
Or
you
know,
one
of
one
of
the
things
that
I
love
to
hate
on
in
kubernetes
is
pull
policies,
because
you
know,
as
someone
who
spent
a
bunch
of
time
in
registries,
every
time
pool
policy
did
the
wrong
thing.
It
wasn't
kubernetes
fall,
kubernetes
could
do
no
wrong.
It
was
my
fault
like
why.
A
C
Favorite
story
there
to
digress
a
little
bit.
I
guess
it's
a
tangent,
so
it
fits
with
the
whole
coastline.
Trigonometry
puns,
but
my
favorite
example
was
there's
someone
who
came
to
me
and
they're
like
matt,
I'm
so
confused.
I
I
deleted
this
image
from
you.
C
All
my
deployments,
I
deleted
the
images
from
the
registry.
I
deleted
it
from
my
local
docker
thing,
and
yet,
if
I
apply
this
kubernetes
manifest
it,
my
app
still
deploys.
How
is
it
getting
the
image?
Why
are
you
serving
the
image?
Is
this
an
eventual
consistency
thing
and
I
was
like
no,
the
kubelet
still
has
your
image
sitting
around
and
it's
not
deleting
it
and
there's
no
mechanisms,
for
you
know
it
to
know
really
that
this
thing
has
gone
away
because
it
wasn't
doing
pull.
B
C
It
we're
cool
and
spinning
up
the
app
this
person
is
so
confused.
You
know
smart
people
getting
very
confused
by
this
sort
of
stale
caching
behavior.
So
I
love
the
hate
on
image:
pull
policy
as
one
of
those
things
that
if
digests
had
existed
in
docker
v1,
we
might
have
been
able
to
have
a
better
answer
to
early
on
in
kubernetes,
but.
C
So
yeah
that
was
that
was
not
poll
policy
based
but
yeah.
So
I
wrote
something
called
warm
image
that
basically
it
it
basically
would
pre-pull
images
to
every
node
in
your
cluster
so
that
you
wouldn't
pay
pull
latency
spinning
up
images.
Please
don't
run
it
it's
I
haven't
touched
it
in
years.
C
It
probably
has
it's
written
in
go,
but
it
probably
has
the
log4j
vulnerability
somewhere
in
there.
C
Every
so
often
someone
finds
one
of
these
little
repos.
Where
I
did
something-
and
you
know
there's
like
you
know,
the
awesome
go
twitter
thing
and
someone's
like
hey
matt.
Did
you
see
this
one
of
your
repos
is
on
here
I
go
and
I
reply
like.
Please
don't
use
this
yeah,
so
that
was
that
one's
come
across
one
of
those
things
a
couple
times
but
yeah.
If
you're
interested
in
that
kind
of
thing,
I'm
happy
to
talk
about
it,
but
you
know.
A
C
At
your
own
risk,
I
I
don't
pay
attention
to
it
really
at
all.
So.
A
So
the
thing
I
wanted
to
my
tangent
here
that
I
asked
ask
you
about
is
how
many
different
k
native
imports
are
in
this
this
web
hook,
and
maybe
to
contrast
this,
what
would
the
the
equivalent
version
of
building
this
web
hook
look
like
if
you
weren't
using
k
native
how
much
more
code
would
it
be
or
boilerplate.
B
B
The
short
story
is,
there's
a
bunch
of
mechanisms
to
help
just
write
the
framework
for
getting
the
the
hook
installed,
but
we
also
do
certificate
management
for
registering
the
hook
to
the
api
server.
So
we
don't
need
cert
manager
and
that's
really
the
huge
benefit
here.
Is
that
there's
just
not
another
another
operator
doing
the
cert
management,
because
it's
it's
not
that
much
code
and
there's
other
mechanisms
that
we
wrote
in
k-native
to
help
register
resources
to
methods
to
do
validation,
mutating
and
admission
control.
C
Yeah,
so
I
I
mean
we
developed
a
whole
lot
of
facilities
like
that,
so
we
we
we
sort
of
built
our
controllers
the
hard
way,
but
back
when,
like
you
know,
the
best
example
of
how
to
get
started
was
kate's
sample
controller,
which
oh
there's
so
many
things
in
there
that
are,
like
you
know,
cautionary
tales,
but
but
yeah.
C
So,
basically,
over
the
years
as
we
sort
of
ran
into
things,
we,
you
know
refined
our
own
best
practices
and
built
the
facilities
we
needed
for
things
so
like
we,
we
use,
we
use
the
admission
control
the
admission
web,
hooks
both
mutating
and
validating,
to
do
our
own,
like
smart,
defaulting
and
smart
validation.
C
Since
you
know
this
is
dating
back
to
web
hooks,
barely
being
beta
right
in
kubernetes
right
at
one
point,
we
were
like
well
crds,
don't
support
bumping
generation,
so
we
had
like
our
web
hooks
using.
We
had
a
spec
dot
generation
field
and
we
had
our
web
books
balancing
some
of
these
things,
but.
C
But
basically
a
defaulting
allows
you
to
mutate
things,
and
really
all
you
have
to
do
to
do
to
you
know,
get
support
for
the
web
hook
to
do
this
if
you
scroll
down
a
little
bit
so
there
are
these
types
you
can
see.
We
we're
pointing
apps
v1
scheme
group
version
with
kind
replica
set
at
this
duck,
v1
with
pod
thing
and
we're
actually
using
with
pod
for
all
of
them.
C
It's
basically
set
defaults
and
then
validate,
I
believe,
and
so
basically,
by
implementing
those
you
can
use
them
with
our
web
hook
and
like
this
is
the
extent
of
what
you
actually
have
to
write
yourself
and
then
you
know
it
handles
stuff
like
creating
a
patch
for
you
to
return
as
part
of
the
mutating
web
response.
C
Or
you
know
creating
the
appropriate,
you
know
admission
response
when
you
know
you
return
an
error
from
the
validate
method,
so
it
tries
to
make
that
easy.
So
we
are
actually
leveraging
duct
typing
here
a
little
bit,
because
you
know
you
can
see
we're
using
that
duck.
V1
with
pod
for
all
of
the
different
sort
of
apps
resources.
C
Replica
set
deployment
staple
set
even
set
job,
so
scott
talked
about
duct
typing
on
a
previous
tgik,
but
basically
these
all
have
a
sort
of
shared
common
shape
with
you
know,
spec.template.spec,
containers
or
spec.template.spec.containers,
and
so
you
don't
need
to
know
the
full
schema
of
a
deployment
to
extract
those
bits
and
do
things
like
tag
to
digest.
C
Or
even
you
know
the
limited
validation
we're
doing.
We
just
need
to
be
able
to
extract
those
image
references
and
then
either
resolve
them
in
the
mutating
webhook
or
validate
them
in
the
validating
weather,
and
so.
C
Typing
stuff
makes
this
fun.
B
A
C
And
yeah.
A
Cool
thanks
for
all
that
background.
B
C
Right,
well,
I
mean
the
first
version
of
it
was
using
some
of
the
controller
runtime
stuff,
I
believe,
but
but
it
also
depended
on
stuff,
like
cert
manager
and
and
stuff
like
that.
But
you.
C
C
Generics
would
yeah,
I
mean
generics,
would
simplify
the
kubernetes
client
stuff
tremendously.
The
whole
need
for
cogen
in
kubernetes
client
go
as
well.
A
C
Downstream
controller
stuff,
I
would
say
the
vast
majority
of
it
which
well
it's.
C
C
Yeah
yeah,
I
would
say
a
lot
of
the
code:
gen
would
go
away
yeah
but
yeah.
It's.
A
C
Of
the
things
look
at
it,
I
we're
exiting
the
territory
that
I
do
on
my
on
a
daily
basis.
A
Yeah,
I
think
one
of
the
things
I'm
I'm
curious
about,
or
that
comes
up
frequently
at
least
is
the
idea
of
you
know.
We
talked
a
little
bit
about
impersonating
like
could
somebody
have
intercepted
this
this
challenge
and
then
tried
to
sign
things
as
me,
and
this
is
a
more
general
thing
with
keyless
as
well.
You
don't
have
those
keys.
How
do
you
rotate
the
keys
like?
C
Yeah
I
mean
I
I
think
to
I
mean
so
part
part
of
part
of
I
think,
wanting
to
get
to
a
world
where
we're
predominantly
dealing
with
you
know
short-lived
keys
and
the
same
goes
for
short-lived
credentials,
although
I
think
it's
worse
with
signing
keys
is
revocation
is
hard,
and
I
think
this
is
one
of
the
lessons
that
was,
you
know,
learned
the
hard
way
over
many
years
with
you
know.
C
The
web
and
tls
revocation
is
really
hard
once
you've
issued
something
it's
hard
to
take
back,
and
so
that's
why
I
think
there's
been
this
bias
towards.
You
know:
shorter
and
shorter
lived
things
that
you
know
you
provision
through
automation
and
whatnot
so
and
strong.
C
That
yeah,
so
so.
A
C
Basically,
using
things
like
you
know,
short-lived
credentials
enables
you
to
sort
of
minimize
your
window
of
sort
of
compromise.
I
think,
beyond
that
it
becomes.
You
know,
an
exercise
in
policy
right,
so
if,
if
my
identity
was
compromised
for
a
particular
window
of
time
right,
that's
you
know,
you
can't
trust.
A
C
Sign
for
that
window
of
time
is,
you
know,
potentially
suspect,
and
so
I
think
that's
another
interesting
thing
right,
like
the
we
talked
about
the
key
pair
being
short-lived,
that's
good,
for,
I
think
scott
said
20
minutes,
so
that
doesn't
mean
that
this
thing
we
signed
is
only
good
for
20
minutes.
What
is
important
to
recognize
is
that
one
of
the
one
of
the
aspects
that
makes
this
work
is
we
we
use.
C
C
You
know
that's
when
the
signature
actually
happened,
and
so
there
is
strong
timestamp
information
associated
with
the
signing
that
happened
as
well.
So
you
can
use
that
to
you
know,
invalidate
signatures
by
me
during
you
know,
maybe.
B
C
Was
under
duress
for
you
know
last
week
and
you
can't
trust
you
know
the
things
I
was
saying
right.
A
Yeah
and
I
think,
there's
santiago
torres
who
was
a
big
working
a
lot
with.
He
was
at
nyu
and
he's
at
purdue.
Now
he
I
think
he
has
some
grad
students
who
are
working
on
recoil
or
watcher
to
kind
of
look
at
like
how
to
establish
policy
and
things
like
that
and
and
understand
like
just
because
you
have
that
transparency
log.
You
still
need
to
establish
trust
of
the
thing
you're
using.
A
C
Try
and
sign
some
more
stuff:
oh
you're,
so
try
record
click.
C
You
sorry,
I.
A
So
now
cannot,
oh
developer
cannot
be
verified.
C
Maybe
try,
oh,
you
can
say,
brood
tap,
six
door,
slash
tap
and
then
you
should
be
able
to
install
record
cli.
Maybe
or
you
could
say,
brew,
install
sigstor,
slash,
tap,
slash
recourse
cli,
maybe.
A
C
Are
there
other
options?
What
say
like
dash
help
or
something.
A
Yeah,
maybe
we
we'll
need
to
do
another
tgik
with
luke
we'll
do
a
emea.
C
A
Yeah
we're
already
at
an
hour
and
a
half,
did
you
want
to
try
showing
signing
a
few
other
things?
There's.
C
I
mean
we
don't
really
have
to
run
through
it.
There's
you
know,
we've
been
I've
been
trying
to
write
little
blog
posts
on
the
chain
guard
site
showing
how
to
do
as
as
easy
as
easy
as
possible.
I
call
it
zero
friction
so
signing
different
ways
with
workload,
identities
and
key
lists.
So
there's
one
from
a
week
or
two
ago
about
using
github
actions
oydc
to
sign
things.
C
There's
also
one
that
talks
about
using
kubernetes
service
account
projected
service
account
token
projected
volumes
to
sign
things
on.
The
examples
are
in
eks.
C
It
also
works
with
gke
and
I
think
it's
coming
soon
to
an
azure
cluster
near
you,
but
it's
not
quite
there
yet,
and
you
can
also
on
gke
use,
gk
workload,
identity
to
sign
things,
and
you
know
we
don't
have
a
blog
post
about
gk
workload,
identity,
but
but
yeah
there's
a
whole
bunch
of
different
ways
of
signing
things,
yeah,
yeah
and
we've,
I
think,
barely
scratched
the
surface.
We
only
did
some
things
with.
You
know
signing
with
keys
without
keys.
C
Of
claim,
as
opposed
to
you
know,
just
the
you
know,
naked
signature,
you
can
use
coastline
to
attach
and
download
s-bombs
and
some
of
the
support
for
that
support
for
s-bombs
is.
C
Way
into
tools,
like
you
know,
I
believe
the
build
packs
has
added
support
for
s-bombs.
Co
has
support
for
s-bombs.
So
if
you're
building
things
with
those,
you
can
say
you
know
co-sign,
download,
s-bomb
and,
and
you
know,
get.
B
C
A
lot
more
there
I
think,
we've
barely
scratched
the
surface,
but
yeah
we
gotta
go.
We
gotta
go.
A
Well,
we
have
an
excuse
to
bring
everybody
back
and
to
talk
about
this
more
in
the
future,
so.
C
A
C
I
know
my
brain's
been
shutting
down
for
the
rest
of
the
year
over
the
last
week,
or
so
so
you
know
it's
friday
before
wow
I'll
be
around
monday
and
tuesday,
but
I
don't
know
if
my
brain
will
be
but
yeah
it's
been
slowly
checking.
A
Out
yeah
the
same:
this
is
the
only
thing
standing
between
me
and
the
end
of
my
work
here
so
and
you
can
see
it's
starting
to
get
dark
around
me
as
well
central
time
and
in
northern
minnesota.
So
it's
getting
getting
dark
out
at
4
30
for
me,
so
it's
it's
about
time
to
call
it
a
ramp,
and
I
appreciate
everybody
joining
appreciate.
All
of
you
who
will
watch
this
on
demand
later
and
very
much.
A
Thank
you
to
matt
and
scott
for
joining,
and
I
would
love
to
continue
this
conversation
further.
I
think
there
was
some
conversation
about
doing
a
twitter
space
about
project
six
store
at
some
time
in
the
in
the
near
future.
So.
C
Yeah,
I
think
I
think
that'll
probably
end
up
being
next
year,
given
that
we,
you
know,
didn't
make
it
happen
this
week.
I
think
the
consensus
is
that
that
will
probably
happen
via
the
project.
Sig
store.
You
know,
project
twitter
account,
and
so
we've
got
to
figure
out
how
to
set
that
up
in
moderate.
But
if
you
follow
that
on
twitter,
you
know
we'll
try
and
socialize
that
happening
well
in
advance.
You
can
click
the
little
set
reminder
thing
if
you're
interested
in
tuning
into
that.
B
C
B
It'd
be
really
cool
if
we
did
like
a
series
talking
with
like
focused
on
a
language
per
session
or
something
or
a
package
manager
and
like
see
if
we
can
kind
of
get
the
community
roused
to
sign
things.
A
Yeah,
I
think
we
could,
based
on
how
far
we
got
today,
we
could
have
tgi
ssc.
What
do
you
think.