Offline cosign keys & keyless fallback policies

Definition

Offline cosign keys are the private signing keys used to sign container images or other artifacts with cosign, kept off network-connected systems so that an attacker who compromises the build environment cannot read or exfiltrate them, which limits the damage of a key compromise. Keyless fallback policies are verification policies that accept signatures produced without a long-lived private key: the signer's identity is attested by a trusted third-party service or a cryptographic proof, and the verifier checks that attestation instead of a pinned public key, so signing and verification continue securely even when the primary signing keys are unavailable.
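The policy described above, as an added example that is not part of the original page: a POSIX shell function that verifies an image against a pinned public key when that key is available, and falls back to identity-constrained keyless verification only when it is not. The `--key`, `--certificate-identity` and `--certificate-oidc-issuer` flags are cosign's own; the `COSIGN` variable (which lets a stub binary stand in for cosign), the image name, the identity and the issuer URL are constructed for the illustration.

```shell
#!/bin/sh
# verify_image IMAGE PUBKEY IDENTITY ISSUER
#   1. If the pinned public key is readable, verify with it and stop there.
#      A failure with the key present is a hard failure: no fallback, because
#      falling back on a bad signature would let a forged image slip through.
#   2. If the key is unavailable, fall back to keyless verification, but only
#      for the exact signer identity and OIDC issuer the policy names.
# Prints "key" or "keyless" on success so callers can log which path was used.
# COSIGN defaults to the cosign binary on PATH; it is overridable for testing.
verify_image() {
  image="$1"
  pubkey="$2"
  identity="$3"
  issuer="$4"
  cosign_bin="${COSIGN:-cosign}"

  if [ -r "$pubkey" ]; then
    # Offline key path: the strongest check, pinned to a key we control.
    if "$cosign_bin" verify --key "$pubkey" "$image" >/dev/null 2>&1; then
      echo "key"
      return 0
    fi
    # Key present but signature invalid: fail closed, do not fall back.
    return 1
  fi

  # Keyless fallback: accept a certificate only for this identity and issuer.
  if "$cosign_bin" verify \
      --certificate-identity "$identity" \
      --certificate-oidc-issuer "$issuer" \
      "$image" >/dev/null 2>&1; then
    echo "keyless"
    return 0
  fi
  return 1
}

# Usage as a script: verify_image.sh IMAGE PUBKEY IDENTITY ISSUER
if [ "$#" -eq 4 ]; then
  verify_image "$@"
fi
```

The order matters: the pinned key is tried first, and a signature that fails against a present key is rejected outright rather than retried keylessly. The fallback is never unconstrained; without a pinned identity and issuer, any keyless signature from any account would pass.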

Secure Settings Example

# Example of a secure cosign configuration with offline keys
cosign:
  signing:
    # Private key lives on offline media and is never checked into the repository
    key: /path/to/offline/private/key
    keyless:
      # Identity-based signing is available when the offline key is not
      enabled: true
      provider: "trusted-third-party-service"
      # Fall back to keyless verification only when the key is unavailable
      fallback: true

Insecure Settings Example

# Example of an insecure cosign configuration with exposed keys
cosign:
  signing:
    # Private key sits on a reachable, network-connected path
    key: /path/to/exposed/private/key
    keyless:
      # No keyless path: if the key is compromised or lost, signing stops entirely
      enabled: false
      provider: ""
      fallback: false