Add Gitpod Provider Interface #2997
Labels
enhancement
New feature or request
Comments
This was referenced May 19, 2023
Closed
|
Has support for the Gitpod issuer landed in Fulcio? Is there a Go library that cosign can use instead of relying on |
|
It has not yet landed in Fulcio yet - sigstore/fulcio#1177 Blocked by an issue in GitPod |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Gitpod is a remote workspace solution that has the ability (still in BETA) to generate JWT tokens to authenticate users within a workspace against external services like Sigstore, Vault or AWS directly.
Because gitpod can generate these tokens using a command line, and thus does not require a browser to do any auth, it makes sense to create a provider within cosign and gitsign that can automatically call this CLI on the users behalf, thus eliminating the need to do any external auth checks.
The command line in question is
gp idp token --audience sigstoreand is currently still in BETA, but can be run from any gitpod workspace. The devs are currently working to add the correct email claims to the resulting token so that it is compatible with sigstore.The text was updated successfully, but these errors were encountered: