Support Cosign Image signature verification with KMS #360
Commits on Dec 15, 2023
-
cdh/kms: add PubkeyProvider API for KMS
Also impl PubkeyProvider for KBS Signed-off-by: Xynnn007 <[email protected]>
-
cdh/hub: add get_public_key api for hub
Signed-off-by: Xynnn007 <[email protected]>
-
cdh/bin: add GetPublicKey ttrpc service api
Signed-off-by: Xynnn007 <[email protected]>
-
image-rs: get public key from CDH when verifying cosign image signatures
Confidential Data Hub now supports to get public key from the different KMS services. The public keys are for signature verification. As currently not all non-attestation functionalities of AA are moved to CDH. So `confidential-data-hub` is a workaround feature to make the code compilable without breaking current logic. After confidential-containers#412 is resolved, we should abandon the `confidential-data-hub` feature. Signed-off-by: Xynnn007 <[email protected]>
-
cdh/kms: add aliyun KMS support for GetPublicKey
Signed-off-by: Xynnn007 <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.