Skip to main content
Version: 1.7

Verification Config

Example

Here you can see an example of a configuration for verifying signatures using the Sigstore workflow:

---
apiVersion: v1

allOf:
- kind: githubAction
owner: kubewarden # mandatory
repo: policy-server # optional
annotations: # optional
env: prod

anyOf: # at least `anyOf.minimumMatches` are required to match
minimumMatches: 2 # default is 1
signatures:
- kind: pubKey
owner: alice # optional
key: | # mandatory
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQiTy5S+2JFvVlhUwWPLziM7iTM2j
byLgh2IjpNQN0Uio/9pZOTP/CsJmXoUNshfpTUHd3OxgHgz/6adtf2nBwQ==
-----END PUBLIC KEY-----
annotations: # optional
env: prod
- kind: genericIssuer
issuer: https://github.com/login/oauth
subject:
equal: alice@example.com
- kind: genericIssuer
issuer: https://token.actions.githubusercontent.com
subject:
equal: https://github.com/bob/app-example/.github/workflows/release.yml@refs/heads/main
annotations: # optional
env: prod
- kind: genericIssuer
issuer: https://token.actions.githubusercontent.com
subject:
urlPrefix: https://github.com/bob # <- it will be post-fixed with `/` for security reasons

Format

The config has 2 root keys:

  • allOf: All verification info listed here must be satisfied for accepting a container image as signed.
  • anyOf: At least anyOf.minimumMatches of all info listed here must be satisfied for accepting a container image as signed.

These two root keys accept an array of keys of type kind. A full list of accepted keys based on different use cases is given below.

  • pubKey: for signatures performed with traditional public/private key cryptography.
  • githubAction: for signatures performed with Sigstore's keyless workflow inside GitHub Actions. Kubewarden checks this information against the x509 certificate extension workflow_repository created by the OpenID Connect of Github, and not only the issuer and subject. Hence, it is strongly recommended to use this kind if dealing with GitHub Actions.
  • genericIssuer: for signatures performed with Sigstore's keyless worfklow, where the user needs to validate the certificate issuer and subject on their own. It accepts a subject, which can be:
    • equal: the value passed here must match exactly against the subject in the signing certificate.
    • urlPrefix: the value passed here is post-fixed with / to prevent typo-squatting, and must be a prefix of the subject in the signing certificate.

the kind key optionally accepts an annotations key, with a list of key-values, that must be present in the signature.