39 lines
No EOL
981 B
Markdown
39 lines
No EOL
981 B
Markdown
# Public Keys
|
|
|
|
Call Theory public keys for verification of signed containers from our container registery.
|
|
|
|
## Call Theory SSH Public Key
|
|
|
|
- [calltheory.pub](calltheory.pub)
|
|
|
|
> Add to your `authorized_keys` file for the
|
|
|
|
## Verifying Calltheory container images
|
|
|
|
All images published to `cr.calltheory.com/orbital/*` are signed with Cosign.
|
|
|
|
### Install cosign
|
|
|
|
```bash
|
|
curl -sSL -o /usr/local/bin/cosign \
|
|
https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64
|
|
chmod +x /usr/local/bin/cosign
|
|
```
|
|
|
|
### Get the public key
|
|
|
|
```bash
|
|
curl -O https://git.calltheory.com/calltheory/public-keys/raw/branch/main/keys/cosign.pub
|
|
```
|
|
|
|
### Verify an image
|
|
|
|
```bash
|
|
cosign verify --key cosign.pub cr.calltheory.com/orbital/smoketest@sha256:abc123...
|
|
```
|
|
|
|
### Verify in Kubernetes
|
|
|
|
For automated verification, install *Sigstore Policy Controller* or
|
|
similar admission controller and configure it to trust this key for
|
|
images matching `cr.calltheory.com/orbital/*`. |