Cosign

Last updated 3 days ago

Cosign is a command-line utility for signing software artifacts and verifying signatures. It offers flexible signing options, including keyless signing through Sigstore's Fulcio and Rekor, hardware and KMS signing, and the use of an encrypted private/public key pair. Cosign integrates with OCI registries for signing and verification and allows users to bring their own public key infrastructure.