Cosign Verification
This guide demonstrates how to verify signed artifacts (i.e., container images, Helm charts) hosted on ocir.immuta.com using Cosign from Sigstore.
Download public key
The provided key is used to sign the Helm chart and container images.
Identify container images
A DIGESTS.md
markdown file comes bundled in the Helm chart and contains a comprehensive list of images and digests referenced. To view the file, follow these steps:
Download and extract the Helm chart into the working directory.
Open file
immuta-enterprise/DIGESTS.md
Verify signature
Verify an artifact's signature by referencing Immuta's public key.
Last updated
Was this helpful?