Skip to content

Commit

Permalink
add usage of the COSIGN_PASSWORD env var
Browse files Browse the repository at this point in the history
  • Loading branch information
gkovan committed Aug 4, 2021
1 parent ef05414 commit b991607
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,10 @@ Enter password for private key:
Pushing signature to: index.docker.io/dlorenc/demo:sha256-87ef60f558bad79beea6425a3b28989f01dd417164150ab3baab98dcbf04def8.sig
```

The cosign command above prompts the user to enter the password for the private key.
The user can either manually enter the password, or if the environment variable `COSIGN_PASSWORD` is set then it is used automatically.


### Verify a container against a public key

This command returns `0` if *at least one* `cosign` formatted signature for the image is found
Expand Down Expand Up @@ -161,7 +165,7 @@ The following feature set is not considered stable yet, but we are committed to
* Integration with the `Rekor` transparency log
* Keyless signatures using the `Fulcio` CA

#### Formats/Specifications
#### Formats/Specifications

While the `cosign` code for uploading, signing, retrieving, and verifying several artifact types is stable,
the format specifications for some of those types may not be considered stable yet.
Expand Down

0 comments on commit b991607

Please sign in to comment.