✨ Question of the day ✨: What do you thing about signing a container image? And did you experience any problem with Cosign? GET EXCLUSIVE CONTENT: www.patreon.com/CoderDave SUPPORT THE CHANNEL : Buy me a coffee: www.buymeacoffee.com/CoderDave PayPal me donation: paypal.me/dabenveg
At ruclips.net/video/OqZlKbTRWOY/видео.html Shouldn't the command output say "Private key password written to COSIGN_PASSWORD ..." instead of "Private key written to COSIGN_PASSWORD ..." ?🤔
Never used BitBucket, but I believe it should work. And the CI/CD shouldn't be impacted as long as your container registry supports signed images (now the majority does)
Question - I have signed my image using cosign. how to get the signature that is applied on the image. We can verify that the image is signed, but I need to get the signature. Is that possible?
This video helped immensely. Thank you!. When I get to the part of signing images, I too am getting "Invalid pem block". Any pointers would be helpful. Thanks and Regards
It happened to me as well. Not sure it is the same problem, but it appears it could be a formatting issues (missing newlines characters as explained here: github.com/sigstore/cosign/issues/1051) Let me know if this helps
@@CoderDave I do lol! Btw I was looking at your repo for the cosigned image and am testing build & pushing images to both ghcr & docker hub. when I get to the section of the code where im using the cosign-installer I get the following error (i think its similar to yours in your public repo) I cant get my image signed my error is `invalid pem block` would love to learn from you if possible or a link would help as well! Thank you friend!
It happened to me as well. Not sure it is the same problem, but it appears it could be a formatting issues (missing newlines characters as explained here: github.com/sigstore/cosign/issues/1051) Let me know if this helps
✨ Question of the day ✨: What do you thing about signing a container image? And did you experience any problem with Cosign?
GET EXCLUSIVE CONTENT: www.patreon.com/CoderDave
SUPPORT THE CHANNEL :
Buy me a coffee: www.buymeacoffee.com/CoderDave
PayPal me donation: paypal.me/dabenveg
At ruclips.net/video/OqZlKbTRWOY/видео.html Shouldn't the command output say "Private key password written to COSIGN_PASSWORD ..." instead of "Private key written to COSIGN_PASSWORD ..." ?🤔
Good catch! I didn't notice it. You are right, the message is wrong. I believe it is a bug :)
thanks for the video. how do I get the url of a docker image? is there a property name I can use in GitHub Actions?
Does this cosign tool works on bitbucket pipeline?
And does the Image signing makes any challenges for the regular C/CD process
Never used BitBucket, but I believe it should work.
And the CI/CD shouldn't be impacted as long as your container registry supports signed images (now the majority does)
How can I get your public key to verify your images CoderDave
I don't have any images shared, so I don't have publish keys :) the ones I've used in the video were just examples
how can we pull the signed images after signed with cosign tool
if cosign is use for private registry
To pull the image you use the normal commands (i.e. docker pull) so that doesn't change
Blows
Its was really wonderful. But could you also please tell me how can we Enable Image Signing in CI Pipeline??
Question - I have signed my image using cosign. how to get the signature that is applied on the image.
We can verify that the image is signed, but I need to get the signature. Is that possible?
This video helped immensely. Thank you!. When I get to the part of signing images, I too am getting "Invalid pem block". Any pointers would be helpful. Thanks and Regards
It happened to me as well. Not sure it is the same problem, but it appears it could be a formatting issues (missing newlines characters as explained here: github.com/sigstore/cosign/issues/1051)
Let me know if this helps
thank you sir
All the best
You are changing my life man.
hehe I hope you mean it in a good way :D anyway, thanks and always happy to help :)
@@CoderDave I do lol! Btw I was looking at your repo for the cosigned image and am testing build & pushing images to both ghcr & docker hub. when I get to the section of the code where im using the cosign-installer I get the following error (i think its similar to yours in your public repo) I cant get my image signed my error is `invalid pem block` would love to learn from you if possible or a link would help as well! Thank you friend!
It happened to me as well. Not sure it is the same problem, but it appears it could be a formatting issues (missing newlines characters as explained here: github.com/sigstore/cosign/issues/1051)
Let me know if this helps