For more background on “keyless signing”, see our previous posts on Fulcio and keyless signing with EKS. Here we will walk through how to apply these concepts to GitHub’s recently launched support for OpenID Connect (OIDC) tokens in Actions.
Signing Container Images
Note: A common mistake here is to sign the tag you just pushed. Tags are mutable and can point to different image digests over time, so if you use the tag here you are opening yourself up to both race conditions and malicious actors (incl. the registry!) which could have you sign something other than what you just pushed. By signing the digest you just pushed, you effectively eliminate the need to trust the registry because you are signing a cryptographically verifiable checksum of the image.
Putting it together
If you take the resulting image digest and run:
You should see (snipped for brevity):
Bonus: More than just containers!
While containers are an increasingly prominent type of artifact, they are not the only game in town! Thankfully the concepts we discussed here apply to most forms of artifacts, and we are seeing the Sigstore community working to integrate with all manner of artifacts.
In the Go ecosystem, the popular goreleaser project recently added support for keyless signing (example repo, blog). In the Ruby ecosystem, Shopify is investing in signing rubygems. In the Python ecosystem, there is PEP-480 trying to address package signing.