> For the complete documentation index, see [llms.txt](https://documentation.immuta.com/2024.3/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://documentation.immuta.com/2024.3/self-managed-deployment/configure/cosign-verification.md).

# Cosign Verification

This guide demonstrates how to verify signed artifacts (i.e., container images, Helm charts) hosted on ocir.immuta.com using [Cosign](https://github.com/sigstore/cosign) from [Sigstore](https://sigstore.dev/).

{% hint style="info" %}
**Cosign installation**

This guide utilizes the `cosign` command to verify artifacts; ensure it's installed before proceeding. Refer to the [Cosign documentation](https://docs.sigstore.dev/cosign/system_config/installation/) for further assistance.
{% endhint %}

## Download public key

The provided key is used to sign the Helm chart and container images.

{% file src="/files/lQUCMvLOcYGqcbilQIa0" %}

## Identify container images

A `DIGESTS.md` markdown file comes bundled in the Helm chart and contains a comprehensive list of images and digests referenced. To view the file, follow these steps:

1. Download and extract the Helm chart into the working directory.

   ```shell
   helm pull oci://ocir.immuta.com/stable/immuta-enterprise --destination . --untar --version 2024.3.14
   ```
2. Open file `immuta-enterprise/DIGESTS.md`

## Verify signature

Verify an artifact's signature by referencing Immuta's public key.

```shell
cosign verify --key ./immuta-cosign.pub <image>
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.immuta.com/2024.3/self-managed-deployment/configure/cosign-verification.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.