cosign sign should be able to take multiple keys about cosign HOT 8 CLOSED

One imagined scenario is when you're rotating keys, you might want to sign the image with old.key and new.key at the same time, until you eventually cycle out old.key.

If the UX of having to specify multiple key passphrases makes this unfeasible that's understandable, it's still possible to just call cosign sign multiple times in the meantime.

from cosign.

Multiply keys in rotation makes sense to me.

The same might hold for cosign verify in the context of validating multiple signatures, definitely possible to call cosign verify multiple times by whoever is enforcing a policy, but might be worth adding support for batched verification.

from cosign.

Hmmm, the part about avoiding multiple trips to the registry makes sense - but I'm not sure I understand the usecase fully. I understand wanting to sign multiple times, but if the same "caller" has the ability to sign with multiple keys simultaneously, from the same environment, they sort of seem redundant.

Could you add any more detail?

from cosign.

Hmmm, the part about avoiding multiple trips to the registry makes sense - but I'm not sure I understand the usecase fully. I understand wanting to sign multiple times, but if the same "caller" has the ability to sign with multiple keys simultaneously, from the same environment, they sort of seem redundant.

Could you add any more detail?

Sure. First of all, I don't really feel that strongly about not emitting any signatures if any signing operation fails. I mostly just wanted to be able to pass multiple keys to the CLI, and being able to avoid registry operations seemed nice to have, and I thought I'd be less surprised in general if the cosign invocation either "succeeded" or "failed", and couldn't partially succeed.

If you think it's conceptually better to allow cosign sign -key=bad.key -key=good.key to sign with the good key and log that it failed with the bad one, I won't fight too hard.

from cosign.

Sorry i think i wasn't clear - it's not about whether it would log or continue on failure.

I'm trying to understand why you would want to sign multiple times with multiple keys at the same time.

from cosign.

In all of my imaginary contrived workflows, i would sign once in CI with a key that only the CI system has access to, then sign from my machine with a key that only I have access to.

from cosign.

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.

from cosign.

This issue was closed because it has been stalled for 5 days with no activity.

from cosign.