Commit

Addressing comments about formatting and signing with a generated key.
Signed-off-by: hayleycd <cook.hayley@gmail.com>
hayleycd committed Sep 10, 2024
1 parent d25b646 commit f01dd72
Showing 2 changed files with 1 addition and 21 deletions.
3 changes: 0 additions & 3 deletions content/en/cosign/key_management/hardware-based-tokens.md
Expand Up @@ -9,14 +9,11 @@ The `cosign` command line tool optionally supports hardware tokens for signing a
This support is enabled through the [PIV protocol](https://csrc.nist.gov/projects/piv/piv-standards-and-supporting-documentation)
and the [go-piv](https://github.com/go-piv/piv-go) library, which is not included in the standard release. Use `make cosign-pivkey-pkcs11key`, or `go build -tags=pivkey,pkcs11key ./cmd/cosign`, to build `cosign` with support for hardware tokens.

---
## Background information

Cosign's hardware token support requires `libpcsclite` on platforms other than Windows and OSX.
See [`go-piv`'s installation instructions for your platform.](https://github.com/go-piv/piv-go#installation)

---

We recommend using an application provided by your hardware vendor to manage keys and permissions for advanced use-cases, but `cosign piv-tool` should work well for most users.

The following exmamples use this image:
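Review bot: the last context line of this hunk still reads "The following exmamples use this image:"; since this commit is a formatting pass over the same file, the typo ("examples") could be folded in rather than left for a follow-up. Dropping the `---` separators around the Background information section is otherwise fine, as the `## Background information` heading already delimits it.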
19 changes: 1 addition & 18 deletions content/en/quickstart/quickstart-cosign.md
Expand Up @@ -16,7 +16,7 @@ Cosign is a command line utility that is used to sign software artifacts and ver

Language specific clients (like [sigstore-python](https://github.com/sigstore/sigstore-python)) are other options for signing and verifying, but Cosign is a great, language agnostic place to start.

This quickstart will walk you through how to sign and verify a blob and a container. Although keyless signing is recommended, this quickstart will also show you how to sign using a generated key.
This quickstart will walk you through how to sign and verify a blob and a container.

### Installation

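Review bot: with the sentence about signing with a generated key removed, the quickstart no longer tells readers where key-based signing is documented; consider adding a one-line pointer to the key management pages (content/en/cosign/key_management/ is touched in this same commit) so that a reader who must use an existing key is not left without a path from the quickstart.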
Expand Down Expand Up @@ -98,23 +98,6 @@ $ cosign verify <image URI> --certificate-identity=name@example.com
cosign verify $IMAGE_URI_DIGEST --certificate-identity-regexp=.* --certificate-oidc-issuer-regexp=.*
```

## Signing with a generated key

It is recommended that you use keyless signing, as a main feature of Sigstore is to make signatures invisible infrastructure that do not require key management. However, Sigstore allows you to use an existing key or generate a key if you prefer.

To generate keys using Cosign, use the `cosign generate-key-pair` command.

```
$ cosign generate-key-pair
```

The following example shows the process of signing with an existing key. You must enter the password of the private key to sign.

```
$ cosign sign --key cosign.key user/demo
Enter password for private key:
Pushing signature to: index.docker.io/user/demo:sha256-87ef60f558bad79be4def8.sig
```
## SCM Integration

Cosign integrates natively with source code management (SCM) systems like GitHub and GitLab. You can use the official [GitHub Actions Cosign installer](https://github.com/marketplace/actions/cosign-installer) or use Cosign to generate and work safely with [SCM secrets]({{< relref "cosign/signing/git_support">}}) with native API integration.
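Review bot: deleting this section also removes the quickstart's only example that signed by tag (`cosign sign --key cosign.key user/demo`) rather than by digest, whereas the keyless example directly above uses `$IMAGE_URI_DIGEST`; that removal is an improvement, since a tag can be re-pointed after the signature is produced. If the key-based walkthrough is re-homed elsewhere, carry over the digest form and keep the `Enter password for private key:` prompt, so the password requirement on `cosign.key` stays documented. Spacing after the deletion is fine: the blank line that follows the closing fence at the top of the hunk now separates it from `## SCM Integration`.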

0 comments on commit f01dd72