calltheory/public-keys
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add README.md

Browse source
This commit is contained in:
Patrick Labbett 2026-04-29 20:56:05 +00:00
parent f229d28392
commit b3fc643a44
1 changed files with 33 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
README.md Normal file
View file

@ -0,0 +1,33 @@
# Public Keys
Call Theory public keys for verification of signed containers from our container registery.
## Verifying Calltheory container images
All images published to `cr.calltheory.com/orbital/*` are signed with Cosign.
## Install cosign
```bash
curl -sSL -o /usr/local/bin/cosign \
https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64
chmod +x /usr/local/bin/cosign
```
## Get the public key
```bash
curl -O https://git.calltheory.com/calltheory/public-keys/raw/branch/main/keys/cosign.pub
```
## Verify an image
```bash
cosign verify --key cosign.pub cr.calltheory.com/orbital/smoketest@sha256:abc123...
```
## Verify in Kubernetes
For automated verification, install *Sigstore Policy Controller* or
similar admission controller and configure it to trust this key for
images matching `cr.calltheory.com/orbital/*`.