►
From YouTube: TGI Kubernetes 179: Project Sigstore
Description
Taking a look at cosign, fulcio, and rekor
A
Good
afternoon
everybody
and
welcome
to
today's
tgi
kubernetes.
Today
we
have
a
supply
chain
security,
inspired
episode,
still
focused
on
kubernetes,
but
all
the
exciting
projects
we
have
going
on
in
the
space.
I've
got
a
couple
of
great
guests
here
with
me.
Today:
we've
got
matt
and
scott,
so
welcome,
but
I'll
give
you
each
a
chance
to
do
a
quick
introduction.
A
Cool
well,
it
is
a
privilege
and
an
honor
to
have
you
here.
I
don't
think
that
matt
remembers.
The
first
conversation
I
had
with
him
was
a.
We
had
an
internal
group
talking
about
how
to
build
containers
and
this
guy
matt,
who
I'd
never
heard
of
before
started
presenting,
and
he
just
starts
as
he's
going
along
casually
mentioning
there's
this
co-thing
and
there's
this
gtr
thing
and
there's
this
k-native
thing
and
like
all
these
things
he's
like,
and
I
started
like.
A
I
started
these
and
I'm
like:
where
did
this
guy
come
from?
Why
I've
never
heard
and
it's
it
was
mostly
me
being
oblivious
to
all
of
the
the
things
matt
had
done,
rather
than
the
the
notoriety
of
it,
but
that
was
how
I
first
first
met
matt.
So
I
asked
him
some
some
really
basic
questions
and
now
we're
gonna
repeat
that
again
today
I
can
ask
him
and
scott
some
some
super
basic
questions
about
supply,
chain
security
and
everything
else.
A
So
for
all
of
you
joining
us,
it's
a
weekly
tradition
to
let
us
know
where
you're
tuning
in
from
I
see.
We've
got
some
people
from
the
netherlands.
People
from
scottsdale,
I'm
assuming
arizona
columbia-
I
am
in
we've-
got
chile,
northern
california,
I'm
in
chile
minnesota.
So
it
might
be
a
little
bit
colder
than
northern
california,
but
it
depends
on
your
elevation.
I
guess
germany,
brazil,
it's
awesome
to
see
people
tuning
in
all
over,
so
all
right
with
that.
A
Let's
take
a
look
at
the
week
in
review,
so
not
a
whole
lot
going
on
in
the
world
of
see.
If
we
can
show
the
notes
here
in
the
world
of
kubernetes
the
other
week,
1.23
came
out
and
there'll
be
a
tgiq
tgik
on
that
first
thing
next
year.
The
big
thing
on
everybody's
mind
is
the
call
for
proposals
for
kubecon
eu
closes
tonight
at
the
second
before
midnight
pacific
time.
So
if
you
haven't
got
your
cfp
in
yet
everybody
is
looking
for
a
company
sponsored
trip
to
valencia.
A
Spain
so
definitely
get
those
proposals
in
also
have
a
link
for
an
article
in
here
kind
of
walking
through
some
of
the
cool
new
dual
stack
stuff.
If
you
want
to
be
able
to
connect
to
services
in
aws,
using
ipv4
and
or
ipv6,
there's
a
little
bit
of
extra
to
go
through
there
and
then
log4j
everybody's
heard
about
this
probably
sneak
put
together.
This
really
awesome
github
repo
with
a
ton
of
sources
on
this
there's
information
about
explanations.
What
does
it
mean?
What
software
is
vulnerable
twitter
discussions?
Memes?
C
I'm
just
glad
that
I
dodged
it
by
not
hosting
too
much
in
java,
but
it's
been
pretty,
it's
been
pretty.
I
don't
know,
I
don't
like
I've
been
calling
it
the
worst
vulnerability
that
we've
seen
you
know
in
recent
memory
for
sure,
but
like
it
just
seems
so
exploitable
and
it's
pretty
remarkable
right
that
has
been
you
know
there
for
so
long.
In
effect,.
A
A
Yeah,
I
don't
I
don't
know
anybody
in
the
chat
feel
free
to
help
us
out.
If
you
know
I,
I
know
a
big,
a
big
part
of
the
debate.
I've
seen
as
far
as
like
the
severity
of
the
vulnerability
people
talking
about
like
how
bad
the
code
is
or
the
problem
is
versus
how
easy
it
is
to
exploit
and
that
that's
a
big
part
of
it
right.
It's
like
you,
look
at
you
know
the
conversation
about
the
the
intel
chips,
the
the
vulnerabilities
there
right.
A
Were
like
in
in
the
micro
architecture
of
the
the
chips
themselves,
it's
like
you.
You
can't,
unless
you
make
a
new
chip,
you're
not
going
to
fix
that
right,
but
in
order
to
exploit
the
vulnerability
in
the
chip
itself,
you
have
to
really
know
what
you're
doing
down
to
like
the
assembly
level,
or
something
like
that,
whereas,
like
this,
the
people
making
qr
codes
and
putting
them
all
over
the
place
so
that
when
you
know
some
kind
of
photo
recognition
thing
picks
up
on
it,
they
will
get
owned
by
a
qr
code.
A
So
it's
it
is.
It
is
fascinating
and,
and
dan
had
a
great
great
meme
of
it's
the
worst
one,
yet
the
worst
vulnerability
so
far,
but
I
think
you
know
the
other
thing
that
is
super
interesting
is
this
is
almost
exactly
a
year
after
solar
winds
right.
So
I
think
we've
really
been
thinking
a
lot
more
closely
about
this
over
the
course
of
last
year
and
then
to
just
see
this
is
one
more
thing.
There
will
be
something
else
tomorrow.
C
B
C
Like
one
of
the
one
of
the
next
ones,
that's
on
here
right,
like
it's,
been
sort
of
the
last
few
days,
scary
vulnerabilities
right,
like
the
log
log4j
log,
forge
whatever.
However,
you
pronounce
it,
I'm
going
to
say
4k,
that's
scary
in
terms
of
the
breadth
and
then
this
next
one
right
like
the
nso
pegasus,
zero
click,
vulnerability
right,
that's
scaring
people
in
just
like
a
whole
new
dimension.
C
B
Think
my
it's
not
an
exploit
per
se,
but
my
favorite
vulnerability
in
this
kind
of
problem
was,
I
think,
samsung
phones
had
a
qr
code
that
would
factory
reset
them
and
somebody
started
printing
those
out
and
sticking
them
in
this
new
york
subway
like
on
posters
because,
like
walk
up
to
the
post
you're
like
interesting,
I
want
to
watch
that
movie
trailer
scan
the
qr
code
and
for
a
lot
of
people.
It
just
opened
a
garbage
page,
but
for
those
special
samsung
devices
insta
wipe
no,
no
checking.
No,
no
anything.
A
A
Six
store
slack
because
they've
decoupled
and
separated
out
some
of
the
concerns
of
generating
a
bill
of
materials
versus
leveraging
that
bill
of
materials
to
actually
detect
and
find
vulnerabilities
and
so
they're
proposing
to
donate
those-
and
I
think,
that'd,
be
a
really
great
addition
to
the
emerging
ecosystem.
That's
really
blossoming
inside
of
the
open
source
security
foundation
and
six
door
recently
also
moved
into
openssf,
which
is
a
really
great
home
for
the
the
project.
A
A
A
I
don't
know
if
by
default
is
the
right
way
to
phrase
it,
but
at
least
use
it
without
experimental
flags
and
some
other
piv
key
stuff,
which
is,
if
you
want
to
use
yubikeys
or
other
things
like
that
for
signing
and
releases
are
now
additionally
signed
using
the
keyless
flow.
So
it's
cool
to
see
a
cosine
being
signed
by
cosine.
C
So
I
guess
one
other
thing
that
we
can
call
out.
It's
not
I.
I
don't
know
whether
this
was
called
down
on
a
previous
cgik,
but
it's
it's
related
to
cosine
and
one
less.
It's
probably
worth
shouting
out
here,
anyways
in
the
last.
I
think
this
was
like
two.
Maybe
three
weeks
ago
now
sense
of
time
has
distorted
a
bit,
but
the
github
action,
starter
workflow
for
container
builds,
landed
support
for
cosine
keyword,
signing
by
default,
so
github.
A
C
Launch
this
support
for
producing
identity
tokens
for
the
workflow
that
you
run
as
and
this
works
for
merge
requests
cron
as
well
as
workflow
dispatch,
a
bunch
of
them.
It
doesn't
work
with
pr
flows,
because
you
know
you
don't
want
to
hand
out
credentials
pr
flows,
but
for
other
flows
you
can
generate
identity
tokens
and
then
you
can.
C
Those
with
information
about
you
know
which
github
workflow
produced
that
container
image
so
and
one
of
the
things
that
landed
in
1.4
in
support
of
that
was
before
we
had
this
prompt
that,
like,
if
one
of
the
aspects
of
doing
keyless
signing
is
publishing
information
to
a
transparency
log
so
that
you
can
audit.
You
know
who's
signing
what
has
different
identities
and
by
default.
Cosign
will
not
publish
to
that
transparency
log,
which
is
public
for
private
images,
and
so,
but
it
would
prompt
you
if
it
detected.
C
A
C
B
C
Starter
workflow
before
for
github
actions,
but
now
that
1.4
is
out
and
fixes
that
the
starter
workflow
for
private
images
will
start
to
sign
things
which
is
great
and
you
can.
You
can
have
even
private
and
private
repos
published
to
the
transparency
log.
If
you're.
Okay
with
you
know
the
hash
of
your
image
leaking
out
by
passing
the
force
flag
or
you
can
leave
that
off
and
not
publish
to
the
transparency
log.
A
C
A
Another
part
of
exciting
stuff
is
artifact
hub
and
a
lot
of
the
work,
I
think,
is
that
andrew
is
doing
around
helm,
charts
and
being
able
to
sign
those,
especially
the
the
oci
version
of
of
helm,
charts
or
orcid
repos
for
helm
charts.
It's
I
mean
we
talk
about
prevalence
of
kubernetes
software.
That's
out
there,
it's
helm,
charts
far
and
away,
I
think,
are
probably
the
most
common
thing.
If
anybody
has
statistics
on
that,
I'd
love
to
see
it.
A
C
A
Yeah
one
of
the
things
we
talk
about
a
lot
is
always
secure
by
default
right
and
when
can
we
have?
You
know
something:
that's
gonna
for
signature
verification
enabled
by
default,
when
you
start
up
a
kate's
cluster
or
anything
else
right
and
until
kubernetes
itself
is
signed,
it's
going
to
be
awfully
difficult
to
do.
To
do
that.
So
that'll
be
really
helpful.
C
So,
there's
a
question
in
chat:
what
about
private
attestations?
I
guess
that's
not
advised!
So
that's
a
good
question
I
right
now
the
starter
workflow
isn't
doing
any
sort
of
attestation.
It's
also
not
doing
anything
with
s
bonds,
which
is
another
thing
that
it
could
potentially
look
at.
I
let's
see
so
cosine
of
this
yeah,
so
so
for
for
folks
that
aren't
familiar
they're
sort
of
layers
to
what
what
you
really
want
to
use
signing
for
right.
C
So
in
the
simplest
sense,
science
signing
is
a
way
of
sort
of
you
know
saying
you
know
I
I
produced
this
thing
right,
and
so
you
know
a
form
of
it
that
people
are
really
familiar
with
is
well.
Probably
developers
are
somewhat
familiar
with,
or
things
like
git
commit
signing,
which
you
know
the
person
who
signed
that
commit
you
know
in
is
sort
of
saying
you
know
I
I
produce
this
and
if
you
can
verify
their
identity
with
the
key
system,
then
you.
C
The
verified
box
on
github,
keys
off
of
and
things
like
that
so
stations
so
signing
things,
isn't
the
goal
right.
The
goal
is
to
enable
so
yeah
it's
signing
sort
of
like
authentication,
and
you
want.
What
do
you
want
to
use
that
authentication
for
right?
You
want
to
use
that
authentication
to
authenticate.
You
know
making
claims
about
a
thing
right.
I
produce
this,
which
is
the
sort
of
naked
signature
use
case
is
probably
the
simplest
thing,
but
really,
like
you
know,
say
scott's
producing
something,
but
I.
C
C
A
C
B
C
Would
say
you
know
the
the
bits
about
sort
of
what's
what's
uploaded
to
the
transparency,
log
and
whatnot,
I
think,
are
pretty
similar
between
whether
you're
signing
the
claim
or
signing
the
image.
I
don't
think,
although
I
haven't
looked
too
deeply,
I
don't
think
any
additional
information
would
be
leaked
to
the
transparency
log
with
the
cosine
of
test
flow,
but
I
I
could
be
mistaken
there,
but
so
I
think
that
it
would
be.
C
A
Yeah
a
lot
to
dig
into
there
and
I
think,
there's
a
lot
of
different
ways
to
attest
to
things
and
a
lot
of
different
meanings.
People
can
assign
to
attestations.
So
we
can.
We
try
and
take
a
look
at
some
of
those
things
as
we
as
we
start
getting
into
the
the
live
action
and
the
demo
stuff.
So
one
of
the
other
things
you'll
hear
us
chat
about
today
is
salsa
and
operation
salsa,
a
really
awesome
set
of
youtube
videos.
A
Part
two
is
coming
soon:
I'm
not
gonna
open
the
links
for
for
these.
I
promise
they're,
not
rick
roll
videos,
but
you
can
also
just
google
operation,
salsa
and
aligned
with
that.
We've
got
a
brand
new
salsa
website.
So
salsa
is
what
is
salsa
supply,
chain
level,
art
supply
chain
levels
for
software
artifacts.
There's
some
really
good
videos
about
this
from
the
supply
chain,
security
con
as
well.
A
That
happened
at
the
last
co-located
event
with
the
last
kubecon,
where
I
think
priya
and
some
other
folks
go
through
all
of
the
the
things
we're
working
on
here.
The
big
thing
is
you
look
at
the
supply
chain
problem?
You
basically
have
these
the
high
level
steps,
and
not
only
are
the
steps
themselves
vulnerable
to
compromise.
Every
link
in
between
the
steps
is
vulnerable
to
compromise,
and
so
with
salsa
you
can
build
up
different
levels
of
assurance
and
so
kind
of
starting
with
level
one
two
three
four.
A
I
haven't
gone
through
all
the
stuff
on
this
new
website,
but
already
looking
at
it.
It
looks
awesome
so
and
then
there's
specifications
for
each
level
which
go
from
no
guarantees
very
low
level
to
eventually
level
four
is
going
to
be
super
strict
and
potentially
impossible
today
to
actually
achieve,
depending
on
on
who
you
talk
to
and
how
you
interpret
it.
However,
I
know
we
were:
we've
been
working
on
the
supply
chain,
security,
reference
architecture
in
the
cncf
six
security
working
group.
A
For
that,
in
between
the
time
we
started
the
reference
architecture
and
the
the
review
version.
That
is
right.
Now,
new
tools
have
been
created
that
didn't
even
exist
when
we
started
it.
So
whether
or
not
you
can
achieve
salsa
for
today
doesn't
really
matter
because
by
tomorrow
the
answer
will
be
different
and
we'll
get
closer
and
closer
to
being.
Yes,
for
every
opinion,
as
as
time
goes
on
so.
A
And
the
other
important
part
I
think
about
salsa
is
not
just
that.
There's
this
idea
out
there
and
there's
this
thing
that
people
are
talking
about,
but
we're
actually
seeing
different,
really
important
infrastructure
projects
to
talking
about
adopting
salsa
as
a
standard
for
how
to
communicate
to
the
consumers
of
their
software,
that
it
is
secure
and
so
kubernetes
itself
and
k3s
as
well,
are
looking
at
proposals
to
become
salsa
compliance
at
different
levels.
A
And
if
anybody
out
there
is
thinking
about
doing
this,
I
know
there's
a
lot
of
people
who
are
interested
in
helping
you
out
and
there's
on
the
salsa
dev
website.
There's
information
about
how
to
connect
with
the
community
there,
the
you
know
the
starting
point
of
level.
One
offers
a
whole
bunch
of
assurances
that
you
should
be
able
to
do
and
that's
a
that's
a
great
place
to
start.
So
you
definitely
should
not
be
afraid
to
start
there.
If
it's
something
you
want
to
do.
A
C
Start
somewhere,
yeah
and
if
folks
are
interested
in
learning
more
about
that
or
you
know
bandwidth
permitting
getting
some
help
on
some
of
the
early
steps.
There
definitely
reach
out
if
you're
you're
involved
in
an
open
source
project
that
you
know
wants
to
improve
its.
You
know
its
salsa
level.
We
can.
Hopefully
you
know
point
you
at
resources
or
potentially
you
know,
help
a
bit
there.
A
So
this
is
one
of
the
things
that's
like
the
intersection
and
the
overlap
of
where
this
space
is
improving,
I
think,
is
heavily
aligned
with
with
kubernetes
and
containers,
but
there's
still
a
lot
of
workloads
out
there
that
are
not
on
case
or
containers
and
and
that's
part
of
the
reason
why
maybe
we
get
into
a
little
bit.
You
know
we
finally
got
to
the
agenda.
What
is
six
store?
I
think
one
of
the
things
that's
important
to
to
like
recognize
the
six
store.
A
Well,
this
is
not
the
not
the
right
link,
but
six
store.dev,
we'll
update.
That
is
not
part
of
cncf,
which
is,
I
think,
an
important
thing
to
understand
in
terms
of
really
they
want
to
be,
as
it
says
right
here,
a
big
big
letter,
new
standard
for
signing,
verifying
and
protecting
software
doesn't
have
to
be
containerized
software.
B
C
Yeah,
really
it's
it's
all
about
making
signing
easy
and
we're
talking
to
folks.
You
know
we're
interested
in
extending
you
know
we're
we're
coming
from
the
cloud
native
space,
so
we
have
our
own
biases
towards
containers
and
stuff.
Like
that,
I
am
a
super
nerd
when
it
comes
to
things
like
containers,
I
try
to
keep
it
secret
from
folks
like
john
so
today,
but
we've
got
we've
got
folks.
Who
are
you
know?
Looking
at
you
know
pick.
B
A
C
B
A
A
Yeah-
and
I
think
another
important
part
to
call
out
here,
looking
at
the
co-
you
know
in
collaboration
with
section
here,
we've
got
a
really,
I
think,
a
good
list
of
companies
that
are
involved.
I
think
we're
all
on
the
call
biased
here,
because
we
are
part
of
company.
You
know
we
think
this
is
really
important
and
I
think
there's
seeing
besides
just
the
folks
representing
on
this
tgik.
You
know:
google
and
red
hat
and
universities
involved
the
linux
foundation
itself,
hpe
cisco.
A
It's
really
important
to
have
this
broad
industry-wide
recognition
that
this
is
a
great
way
of
solving
this
problem
and
then,
more
importantly
than
that,
looking
at
465
plus
members,
20
plus
organizations,
not
everybody
has
the
money
to
sponsor
this,
but
there's
a
ton
of
people
participating
and
getting
involved
in
the
six-door
slack
every
day.
I
see
a
message
from
someone
new
from
some
company
that
I
never
even
knew
was
using
any
of
the
six
store
technology.
A
A
So
we
can
kind
of
see.
I
think
we
talked
about
a
lot
of
the
stuff
here
and
one
of
the
things
you
know
we'll
talk
about,
why
sig
store
and
what
makes
six
store
different.
I
think
this
is
where
we
kind
of
get
into
a
little
bit
automatic
key
management,
the
transparent
ledger,
so
that
I
think
these
are
pretty
much
references
to
full
co
and
recore
and
we'll
dive
into
those
projects
specifically,
but
maybe
matt
or
scott.
A
Anything
in
particular
to
you
that
you
know
signing
is
not
a
new,
a
new
thing
we
had
notary
we've
had
v1,
we've
got
other
proposals
out
there
as
well.
We
have
gpg
for
a
long
time
right
and
they
have
not
been
widely
adopted.
They're
not
widely
used.
It's
not
not
really
like.
We
didn't
invent
new
versions
of
cryptography
or
new
math
or
anything
else
to
like
to
sign
this
stuff.
So
what
what
is
being
done?
That's
different.
That
makes
this
that
makes
six
store
matter.
B
Let's
krypt
didn't
invent
anything
new.
They
just
assembled
the
pieces
to
make
it
right.
Sorry
they
invented
the
very
little
right
like
they
didn't
read,
discover
encryption
or
certificates.
They
just
exposed
it
in
a
way,
that's
friendly
for
website
developers
and
so
six
stars
doing
the
same
thing,
but
but
for
signing.
C
C
Keys
is
harder
than
it
should
be,
and
you
know
the
systems
that
manage
those
keys
are
often
very
very
expensive.
So
you
know
the
things
like
full,
ceo
and
whatnot
are
trying
to
do
that.
What
what
let's
encrypt
it
and
make
it
easy,
and
you
know,
free
or
as
close
to
free
as
we
can
make
it
before
the
sort
of
public
good
instance
to
get
folks
signing
things,
because
you
know
in
the
container
space
like
what?
What
percent
I
mean.
I
think
it's
probably
even
worse
than
https
on
the
web.
C
A
C
Or
an
alpn01
challenge
to
you
know
satisfy
you
know,
proving
that
you
own
the
domain
that
you're
asking
for
a
cert
for-
and
you
know,
depending
on
the
type
of
challenge
you
can
get
different
types
of
certificates
out
of
it
right.
So
this
is
one
of
the
places
that
fulcio,
you
know
is
learning
a
lot
from
what
let's
encrypt
did
and
there's
an
identity
challenge
process
that
you
go
through
with
fulso
to
prove
you
are,
who
you
say
you
are,
and
you
know
then.
A
C
You
know
your
key
is
linked
into
a
certificate
chain
to
a
root.
So
again
no
new
sort
of
pki
here
right.
It's
still,
you
know
key
pairs,
you
know
it's.
I
think
the
idea
of
certificate
chains
being
involved
in
signing
is
relatively
new
to
the
context
of
signing.
But
it's
all
a
very
you
know
well
understood
you
know.
B
C
A
Cool
yeah,
I
think,
there's
some
some
some
great
diagrams
and
things
to
walk
through
here
and
you
can
see
the
different
flows
and
the
root
of
trust.
We'll
maybe
talk
a
little
bit
more
about
that
when
we
get
to
looking
at
at
full
co,
but
maybe
now,
let's
just
double
check,
I
think
let's
go
ahead
and
try
and
sign
something
see
see
what
we
can
do
so.
The
first
thing
we
should
do
is:
if
I
look
I
I
do
not
have
cosine
so
I
I
need.
A
A
A
All
right,
yeah,
let's
see
if
brew,
works
on
this
machine.
One
thing
I
didn't
mention
that
I
should
have
is:
I
am
in
management,
so
as
an
engineering
manager,
nothing
on
my
laptop
may
work
we'll
see
what
happens.
I
do
have
minicube
running
so
I
sorry
at
least
figured
out
some
mechanism
for
getting
kubernetes
installed.
I
have
brew.
It's
it's
updating
homebrew!
I
should
have
done
that
before,
while
while
we
were
waiting,
but
we
will,
we
will
see
what
happens
here
yeah.
What's
I.
B
A
A
A
C
It
might
be
as
good
as
you're
gonna
get
right
now.
I
don't
know
if
they've
started
signing
with
cosign,
but
they
could,
because
I
heard
they
moved
a
lot
of
the
their
build
packages
to
ghcr
so
they're,
using
oci
to
store
a
lot
of
things
that
aren't
necessarily
containers
which
is
cool.
But
you
know
given
cosine
strong
support
for
oci.
C
C
C
C
C
B
A
C
C
B
C
Project
sig
store
cosign
is
the.
Where
images
are
the
actual
release?
Images
are
so
you
can
say
so,
cosine
verify
if
you
say,
gcr.io
slash,
project
sig
store.
Let
me
just
make
sure
that's
right.
Yeah
project,
sig
store
all
lower
case,
no
punctuation
and
then
slash
cosign
and
then
well.
You
know
just
a
couple
more
so
so
this
is
gonna.
Do
the
keyless
verification?
C
There
you
go
so
you
can
pipe
this
to
jq
as
well.
If
you
have
gq
installed
just
type
jq
dot,
it
gives
it
a
bit
more
pleasant
yeah.
So
you
can
see
some
cool
metadata
down
at
the
bottom,
so
this
is
who
signed
or
who
signed
this
you
can
see.
The
issuer
was
accounts
like
google.com.
So
this
is
a
google
identity
that
signed
it
and
the
subject
is
keyless
at
project
projectsigstore.iam.d.servicecount.com.
C
C
Like
thing
is
the
project
id,
which
is
the
same
project
id
that
we
have
in
the
container
image
uri
and
then
the
name
of
the
service
account
within
that
project
is
keyless.
I
believe
this
is
using.
I
believe
this
is
using
google
cloud
build
to
produce
the
releases,
so
it's
using
those
to
impersonate
this
service
account
and
do
the
key
with
signing
flow,
which.
C
A
C
Slash
distribution
static,
you,
I
think
you
would
see
keyless
at
dystralis,
so
it's
naming
convention,
it's
nothing.
You
know
you
know
official
or
anything,
but
those
are
sort
of
the
identities
we've
adopted
for
doing
some
of
this
keyless
signing
for
the
things
that
are
going
through
google
cloud
build
so.
A
Cool
so
now
we
have
cosine
we're
fairly
certain
we've
got
a
good
version
and
then
there's
I'm
assuming
a
whole
bunch
of
commands.
Good
grief,
there's
a
few
more
commands
than
the
last
time
I
ran
this.
We've
got
attach
test
clean
completion.
Copy
docker
file,
download
generate
generate
key
pair
help,
I'm
assuming
that's
more
or
less
what
this
is
initialize
load
manifest.
A
C
Yeah
yeah,
so
I
I'd
say:
let's
start
with
generatekeybear,
which
is
you
know,
that'll
that'll
put
us
in
the
world
of
what
most
folks
are.
You
know,
maybe
doing
today
if
they're
doing
signing
this
will
generate
a
key
pair
locally
that
we
can
use.
So
it
spits
out
two
files
go
sign
that
key
and
cosign.hub
p
is
the
private
key.
So
it's
what
you'd
use
for
sign
in
and
cosign.pub
is
the
public
key.
So
it's
what
you
would
might
check
into
the
root
of
your
github
repo,
don't
check
in
the
directory
file.
A
C
B
A
C
So
that's
a
good
question,
so
you
don't
actually
need
so
it's
it's
sort
of
a
subtle
thing,
so
you,
the
image,
doesn't
actually
have
to
exist
in
the
registry
to
sign
it
and
there's
a
mode
and
cosine
where
so,
if
you
set
the
cosine
repository
environment
variable,
you
can
actually
have.
Your
images
exist
in
one
place
and
you
could
say
find
that
thing.
C
But
if
you
set
the
cosine
repository
environment
variable
you
can
redirect,
where
all
of
the
things
that
cosine
would
sort
of
attach
to
that
image
to
a
different
repo.
So
if
you
were
to,
for
instance,
if
you
wanted
to
code
sign
out
the
official
alpine
image,
you
could
do
that
you,
you
just
don't,
have
access
to
push
to
docker
hub
right,
so
you
could
actually
redirect
it.
You
could
say
cosign
repository,
you
know
some
other
docker
name
and
it
would
publish
the
dot
sig
and
dot
at
dot
s
bomb
things
there.
C
C
A
C
So
yeah,
so
the
generate
keypair
thing
you
know
and
having
the
key
and
pulling
right
key
on
disk.
That's
just
sort
of
the
sort
of
kicking.
The
tires
example
there's
a
whole
spectrum
of
different
options.
So
you
can,
you
can
use
key
references
that
are
both
files
locally,
that
are
generated
with
generate
keypair,
there's
also
sort
of
a
uri
based
scheme
where
you
can
point
at
different
kms
systems
or
even
a
kubernetes
secret
to
you
know,
use
keys
from
different
kms
systems.
C
I
think
gcpks
aws,
kms,
azure
kms,
are
all
supported.
Kubernetes
secrets
are
supported,
I
don't
know
whether
or
not
volt
supported,
but
I
would
guess
it
probably
is:
there's
a
there's
also
some
support
for
different
hardware
signing
options
in
there.
You
know
I
don't
mention
before
the
pivky
stuff,
so
you
can
use
some
of
those
mechanisms
as
well
and
then,
in
addition
to
those
there's,
you
know
the
keyless
stuff,
which
you
know.
B
C
C
Oh,
no,
I
don't,
I
don't
think,
that's
necessarily
true.
I
don't
think
it
has
to
be
generated
by
cosine,
but
I
am
not
sure
exactly
what
the
whether
there
are
constraints
around
the
types
of
keys
and
supports,
or
anything
like
that.
I
believe
it
supports.
You
know
the
most
common
kinds.
Like
you
know
I
I
can
never
remember
all
of
the
whole
acronyms.
You
know
ecds
and
yeah.
C
A
C
C
The
pen
encoded
thing
shows
up
so
so
hang
on
to
that
digest
before
you
clear
the
screen
or
anything,
because
I'm
a
stickler
for
signing
digests,
not
tags.
So
we
should
definitely
not
just
sign
the
tag.
We
should
sign
the
digest
we
pushed
but
yeah,
so
you
should
be
able
to
pass
the
key
in
with
that
key.
C
And
then
here
you
would
put
cosine
dot
key,
so
this
is
one
of
the
places
you
can
use,
one
of
the
sort
of
urish
things.
I
think
you
can
say
something
like
gcp,
kms,
colon,
slash,
splash
and
then
there's
you
know
a
mechanism
for
referencing
a
key
within
gcp
kms.
You
know.
Similarly
you
can
say
kate's
colon,
slash,
slash,
namespace
secret
name,
and
it
can
use
that
as
either
a
signing
key.
C
C
C
C
Okay,
all
right,
yeah,
crane!
So
there's
a
library
that
a
bunch
of
these
tools
built
on
called
we
call
it
ggcr
for
short,
but
github.com,
google
go
container
registry,
it's
really
a
sort
of
an
sdk
for
interacting
with
ci
images,
and
you
know,
while
we
were
building
it,
we
were
like.
Well,
we
don't
want
to
have
to
like
write
code
to
use
all
this
cool
stuff,
and
so
I
I
don't
remember
whether
it
was
jason
or
john
was
like
we're.
Gonna
write.
C
C
C
Is
it
pushes
a
little?
You
know,
oci
thing
alongside
the
image
that
encodes
in
the
tag
name
the
hash
of
the
image
it's
signing.
So
if
you,
if
you
were
to
say
crane
digest
on
you,
know
that
same
reference,
you
have
above
yeah
so
that
you
know
e7
blah
blah
blah.
That's
exactly
the
digest
that
the
image
we
just
pushed
so
the
name
of
the
tag,
sort
of
captures
that
that's.
C
C
You
know
we
aren't
relying
on
that
for
semantic
purposes,
we're
relying
on
that,
mostly
as
a
convention
for
discovery.
There's
some
work
in
oci
to
try
and
extend
oci
to
support.
What's
called
references,
that's
been
sort
of
a
long
process
getting
there,
but
I
think
the
working
group
for
that
is
starting
to
you,
know,
get
organized
and
that
will
hopefully
allow
us
to.
C
From
these
sort
of
conventions
to
something
that's
sort
of
more
first
class
within
oci,
but
you
know
having
done
this
for
a
long
time
I
so
I
started
the
gcr
team
at
google,
and
so
we've
been
doing
this
since
v1
of
the
registry
scheme
and
every
time
a
new
thing
came
out.
It
was
years
before
it
was.
You
know,
really
pervasive
right,
so
v2
of
the
registry.
A
B
C
And
you
know
it
took
really
years
before
all
of
the
different
registries
supported
that
schema
two,
so
so
yeah
it
takes
a
while
for
some
of
these
things
to
roll
out.
So
what
cosine
is
doing
today
is
very
pragmatic,
like
okay,
it
works
with
basically
every
single
registry.
I
think
it
works
with
every
registry,
I'm
aware
of
with,
I
think
the
exception
of
quay.
C
B
A
Yeah,
I
think
I
was
looking
at
the
the
oci
spec.
The
spec
itself
for
container
images
in
the
last
release
was
in
2017,
so
it's
definitely
yeah.
It
moves
at
a
different
pace,
but
also
the
implications
are
huge
right.
The
consequences
of
all
the
software
in
containers
that
exist
today
we
talked
a
little
bit
about
how
not
all
software
is
containers,
but
there
is
a
lot
of
software
that
you
know
how
many
years
ago
did
gcr
start.
C
So
I
started
gcr,
let's
see
we,
we
started
that
team
right
when
I
came
back
from
paternity
leave
and
my
daughter's
turning
eight
in
january,
so
it'll
be
a
well.
The
team
will
be
eight
in,
I
think,
may
gcr
would
launch
privately
sort
of
towards
the
end
of
that
year
and
publicly
baited
early
the
following
year.
So
early
2015
is
when
I
think
gcr
went
publicly
beta
and
yeah.
A
C
C
If
you
know
there
were
proper,
digest
support
in
the
early
registry
stuff,
and
it
took
long
enough
to
add
that
some
of
that
stuff
sort
of
baked
in
but
but
yeah
I
I
lost
my
train
of
thought:
yeah,
oh
yeah,
but
the
content
of
disability,
one
of
the
fun
things
about
that
is.
It
makes
sort
of
automatically
migrating
to
newer
formats
hard,
if
not
impossible,
right
so
v1
images.
C
We
could
roll
forward
to
v2
because,
like
people
couldn't
use
a
digest
to
pull
e1
images,
and
so
even
if
we
changed
it
under
the
hood,
which
you
know
we,
we
didn't
actually
change
how
we
were
storing
it
in
gcr
we
just
had
a
smart
serving
layer
that
would
serve
it
as
v2
if
you
wanted
to.
But
you
know,
if
you're
pulling
by
digest,
we
can't
change
what
we're
serving
you
right.
We
have
to
serve.
You
exactly,
but
that.
A
C
A
B
A
A
C
A
C
Yep
yeah,
so
basically
what
this
is
going
to
do
when
you
run
it
is
it's
going
to
generate
a
key
key
pair
in
memory
and
then,
as
you
can
see
it
popped
up
in
a
browser
window.
This
is
sending
john
through
a
300
with
you
know,
there's
a
few
identity
providers
that
are
supported.
So
you
pick
one
of
the
identity
providers.
If
you
go
back
to
your
browser,
so
this
is
prompting
you
so
you
can
pick
yes.
C
Basically,
let's
walk
through,
what's
happened
so
far,
so
cosine
generated
you
can
see
generating
ephemeral
keys
there
at
the
top
of
the
output,
so
it
generated
the
ephemeral
key
and
then
it
basically
wants
to
take
those
keys
and
sign
it
into
a
certificate
chain,
that's
rooted
at
the
full
seo
route.
So
it's
sent
john
through
what
I've
been
calling
an
identity
challenge
right
to
prove
that
john
is
who
john
says
he
is
and
not
just
a
deep
fake.
It's
secretly
joe
beta.
C
And
so
so
now,
folksio
knows
that
you
know
john,
is
john
and
takes
that
ephemeral,
key
pair
and
basically
signs
it,
and
you
know
gives
a
certificate
that
it
includes
a
bunch
of
metadata
that
we'll
poke
at
for
a
second.
But
now
using
that
key
pair
you
can
sign
the
information,
the
image
and
it
can
be
verified.
Even
you
know,
without
that.
C
C
You,
whether
you
want
to
publish
the
signing
about
it
to
the
public
transparency
log,
I'm
pretty
sure
youtube
counts.
As
you
know,
another
short
public
blog,
so
we're
probably
not
leaking
anything
aside
from
troop
writer,
but
so
yeah,
it's
probably
safe
to
publish
that
there
and
you
can
see
a
t-log
entry
created
with
index.
A
C
So
so
yeah,
so
this
is
super
interesting
well,
so
I
guess
we
already
saw
an
example
of
the
keyless
flow
before,
where
you
know
it
was
being
signed
with.
Google
service
account
identity,
and
you
can
see
the
information
about.
You
know
what
signed
the
the
doctor
references,
the
repo
name,
the
docker
manifest
digest
is
the
digest.
We
sign,
I'm
not
sure,
type
effort
changes.
C
B
Think
the
thing
that's
interesting
about
this
is,
you
know,
just
like:
let's
encrypt
made
https
available
on
the
web
before
that
you,
maybe
if
you
found
a
website
that
was
https,
you
could
kind
of
trust
it
a
bit
better
about
its
legitimacy.
But
now
I
can
make
a
fake.
You
know
bonk
usbonc.com
and
I
could
get
a
cert
for
it
and
I
could
trick
you
into
like
trying
to
log
into
something
right
if
we're
doing
keyless
signing
here.
B
You
could
attach
an
identity,
but
by
default
it's
not
there,
but
this
one
gets
identity
and
the
signature
attached,
but
you
can't
necessarily
trust
the
root
in
in
that
the
anyone
can
use
that
same
root.
They
use
this
tool,
but
they
can't
attach
your
identity
to
it.
So
that's
kind
of
what
matt
was
talking
about
where
you
have.
C
C
Yeah,
so
so,
there's
a
few
there's
a
few
different
sort
of
points
to
make
about
this.
You
know
one
of
the
questions
in
chat
was
about.
You
know,
as
the
browser
challenge
one
time
we're
going
to
be
used
to
science
as
john
yeah.
So
it's
it's
a
one-time
challenge
flow.
It's
not
it's
not
doing
a
sort
of
refresh
flow
or
anything
like
that.
So
each
time
we
sign
it,
it
would
send.
C
C
Anymore
and
that
well
the
yeah,
the
private
key
is
never
written
to
disk.
It
sits
in
memory,
it's
used
to
sign
it
and
then
it's
thrown
away
so
never
hits
disk
and
then
and
then
a
whole
bunch
of
information
is
then
included
into
the
certificate.
So
if
we
scroll
down
a
little
bit,
we'll
see
john's
email
and
it
was
verified
through
the
google
flow,
so
you
can
see
counseling.com
and
john's
email
there,
and
so
this
is
him
signing
it.
C
A
C
Yeah
connoisseur,
so
I
don't.
I
don't
know
a
lot
of
the
details
about
connoisseur,
specifically
other
than
it's
an
admission
controller
and
what
is
kind
of
so
it
lists
six
four
cosine
under
what
it
aims
to
support.
But
so
I
I
don't
know
specifically
the
state
of
the
integration
there,
but
I
do
know
that
there's
a
few
different
admission
controllers
that
folks
have
been
using
to
do
verification
of
cosine.
C
With
I
am
pretty
sure
that
you
can
use
opa
gatekeeper
to
do
signature,
signature,
verification
of
cosine
signatures.
Caverno
has
support
for
a
variety
of
cosine
signatures,
attestations
and
s
balms.
I
believe,
and
there's
also
a
sort
of
there's
what
we
call
co-signed,
which
is
an
admission
controller
that
lives
in
the
cosine
repo
itself.
Where
engineers
we're
terribly
naming.
A
Yeah
and
there
was
a
a
deeper
dive
on
connoisseur
in
a
general
sense.
I
don't
think
it
was
specific
to
cosine
two
weeks
ago
on
tjik.
I
think
it
was
the
week
we
had
two
episodes,
though
so,
rather
than
being
177.
I
think
it's
actually
176,
because
it
was
the
morning
time
on
that
friday.
So
we'll
put
a
link
to
that
in
the
notes.
Afterwards,.
C
A
C
But
the
bulk
of
the
logic
is
in
somewhere
buried
under
pkg,
so
this
so
there's
there's
two
web
hooks
that
the
co-signed
binary
runs.
It's.
It
runs
a
mutating
web
hook
that
resolves
tags
to
digests,
and
so,
even
if
you
pass
tag
references
to
your
deployments
or
your
staple
sets
or
your
pods,
it
resolves
them
to
a
digest
and
then
it
what
it
verifies
is
that
that
digest
is
assigned
and
part
of
the
reason
it
does.
C
That
is
if
it
verifies
what
your
tag
currently
points
to
and
lets
it
through
the
pod
that
spins
up
could
pull
that
tag
and
that
tag
might
point
to
something
completely
different.
Or
you
know,
one
of
one
of
the
things
that
I
love
to
hate
on
in
kubernetes
is
pull
policies,
because
you
know,
as
someone
who
spent
a
bunch
of
time
in
registries,
every
time
pool
policy
did
the
wrong
thing.
It
wasn't
kubernetes
fall,
kubernetes
could
do
no
wrong.
It
was
my
fault
like
why.
A
C
C
All
my
deployments,
I
deleted
the
images
from
the
registry.
I
deleted
it
from
my
local
docker
thing,
and
yet,
if
I
apply
this
kubernetes
manifest
it,
my
app
still
deploys.
How
is
it
getting
the
image?
Why
are
you
serving
the
image?
Is
this
an
eventual
consistency
thing
and
I
was
like
no,
the
kubelet
still
has
your
image
sitting
around
and
it's
not
deleting
it
and
there's
no
mechanisms,
for
you
know
it
to
know
really
that
this
thing
has
gone
away
because
it
wasn't
doing
pull.
B
C
It
we're
cool
and
spinning
up
the
app
this
person
is
so
confused.
You
know
smart
people
getting
very
confused
by
this
sort
of
stale
caching
behavior.
So
I
love
the
hate
on
image:
pull
policy
as
one
of
those
things
that
if
digests
had
existed
in
docker
v1,
we
might
have
been
able
to
have
a
better
answer
to
early
on
in
kubernetes,
but.
C
C
C
Every
so
often
someone
finds
one
of
these
little
repos.
Where
I
did
something-
and
you
know
there's
like
you
know,
the
awesome
go
twitter
thing
and
someone's
like
hey
matt.
Did
you
see
this
one
of
your
repos
is
on
here
I
go
and
I
reply
like.
Please
don't
use
this
yeah,
so
that
was
that
one's
come
across
one
of
those
things
a
couple
times
but
yeah.
If
you're
interested
in
that
kind
of
thing,
I'm
happy
to
talk
about
it,
but
you
know.
A
B
The
short
story
is,
there's
a
bunch
of
mechanisms
to
help
just
write
the
framework
for
getting
the
the
hook
installed,
but
we
also
do
certificate
management
for
registering
the
hook
to
the
api
server.
So
we
don't
need
cert
manager
and
that's
really
the
huge
benefit
here.
Is
that
there's
just
not
another
another
operator
doing
the
cert
management,
because
it's
it's
not
that
much
code
and
there's
other
mechanisms
that
we
wrote
in
k-native
to
help
register
resources
to
methods
to
do
validation,
mutating
and
admission
control.
C
C
But
basically
a
defaulting
allows
you
to
mutate
things,
and
really
all
you
have
to
do
to
do
to
you
know,
get
support
for
the
web
hook
to
do
this
if
you
scroll
down
a
little
bit
so
there
are
these
types
you
can
see.
We
we're
pointing
apps
v1
scheme
group
version
with
kind
replica
set
at
this
duck,
v1
with
pod
thing
and
we're
actually
using
with
pod
for
all
of
them.
C
Or
you
know
creating
the
appropriate,
you
know
admission
response
when
you
know
you
return
an
error
from
the
validate
method,
so
it
tries
to
make
that
easy.
So
we
are
actually
leveraging
duct
typing
here
a
little
bit,
because
you
know
you
can
see
we're
using
that
duck.
V1
with
pod
for
all
of
the
different
sort
of
apps
resources.
C
B
A
B
C
C
C
A
C
A
A
Yeah,
I
think
one
of
the
things
I'm
I'm
curious
about,
or
that
comes
up
frequently
at
least
is
the
idea
of
you
know.
We
talked
a
little
bit
about
impersonating
like
could
somebody
have
intercepted
this
this
challenge
and
then
tried
to
sign
things
as
me,
and
this
is
a
more
general
thing
with
keyless
as
well.
You
don't
have
those
keys.
How
do
you
rotate
the
keys
like?
C
A
C
Basically,
using
things
like
you
know,
short-lived
credentials
enables
you
to
sort
of
minimize
your
window
of
sort
of
compromise.
I
think,
beyond
that
it
becomes.
You
know,
an
exercise
in
policy
right,
so
if,
if
my
identity
was
compromised
for
a
particular
window
of
time
right,
that's
you
know,
you
can't
trust.
A
C
Sign
for
that
window
of
time
is,
you
know,
potentially
suspect,
and
so
I
think
that's
another
interesting
thing
right,
like
the
we
talked
about
the
key
pair
being
short-lived,
that's
good,
for,
I
think
scott
said
20
minutes,
so
that
doesn't
mean
that
this
thing
we
signed
is
only
good
for
20
minutes.
What
is
important
to
recognize
is
that
one
of
the
one
of
the
aspects
that
makes
this
work
is
we
we
use.
C
C
B
C
A
Yeah
and
I
think,
there's
santiago
torres
who
was
a
big
working
a
lot
with.
He
was
at
nyu
and
he's
at
purdue.
Now
he
I
think
he
has
some
grad
students
who
are
working
on
recoil
or
watcher
to
kind
of
look
at
like
how
to
establish
policy
and
things
like
that
and
and
understand
like
just
because
you
have
that
transparency
log.
You
still
need
to
establish
trust
of
the
thing
you're
using.
A
C
A
A
C
A
C
I
mean
we
don't
really
have
to
run
through
it.
There's
you
know,
we've
been
I've
been
trying
to
write
little
blog
posts
on
the
chain
guard
site
showing
how
to
do
as
as
easy
as
easy
as
possible.
I
call
it
zero
friction
so
signing
different
ways
with
workload,
identities
and
key
lists.
So
there's
one
from
a
week
or
two
ago
about
using
github
actions
oydc
to
sign
things.
C
C
It
also
works
with
gke
and
I
think
it's
coming
soon
to
an
azure
cluster
near
you,
but
it's
not
quite
there
yet,
and
you
can
also
on
gke
use,
gk
workload,
identity
to
sign
things,
and
you
know
we
don't
have
a
blog
post
about
gk
workload,
identity,
but
but
yeah
there's
a
whole
bunch
of
different
ways
of
signing
things,
yeah,
yeah
and
we've,
I
think,
barely
scratched
the
surface.
We
only
did
some
things
with.
You
know
signing
with
keys
without
keys.
C
B
C
A
A
Out
yeah
the
same:
this
is
the
only
thing
standing
between
me
and
the
end
of
my
work
here
so
and
you
can
see
it's
starting
to
get
dark
around
me
as
well
central
time
and
in
northern
minnesota.
So
it's
getting
getting
dark
out
at
4
30
for
me,
so
it's
it's
about
time
to
call
it
a
ramp,
and
I
appreciate
everybody
joining
appreciate.
All
of
you
who
will
watch
this
on
demand
later
and
very
much.
A
C
Yeah,
I
think
I
think
that'll
probably
end
up
being
next
year,
given
that
we,
you
know,
didn't
make
it
happen
this
week.
I
think
the
consensus
is
that
that
will
probably
happen
via
the
project.
Sig
store.
You
know,
project
twitter
account,
and
so
we've
got
to
figure
out
how
to
set
that
up
in
moderate.
But
if
you
follow
that
on
twitter,
you
know
we'll
try
and
socialize
that
happening
well
in
advance.
You
can
click
the
little
set
reminder
thing
if
you're
interested
in
tuning
into
that.