Call Theory public keys for container registry signing and verification
calltheory.pub Add calltheory.pub 2026-04-29 21:55:21 +00:00
cosign.pub Add cosign.pub 2026-04-29 20:50:41 +00:00
README.md Update README.md 2026-04-29 22:10:15 +00:00

Public Keys

Call Theory public keys for verifying signed containers from our container registry.

Call Theory SSH Public Key

Add to your authorized_keys file for the SSH user Call Theory uses to access your server(s).


Call Theory Container Registry

All images published to cr.calltheory.com/orbital/* are signed with cosign.

Install cosign

You will need to install cosign first to validate our signed containers. More information can be found here.

Log in to the Call Theory container registry

Run podman login cr.calltheory.com (or docker login cr.calltheory.com) before trying to verify the signature on our containers.

We will create and share a "robot" account with you for access:

  • Container registry username: calltheory$orbital+yourcompany
  • Container registry password: <redacted>

Once you have logged in, you can verify signatures using cosign.pub, our public key.

Get the public key

curl -O https://git.calltheory.com/calltheory/public-keys/raw/branch/main/keys/cosign.pub

Verify an image

cosign verify --key cosign.pub cr.calltheory.com/orbital/smoketest@sha256:abc123...

Verify in Kubernetes

For automated verification, install Sigstore Policy Controller or a similar admission controller and configure it to trust this key for images matching cr.calltheory.com/orbital/*.
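
One way to express that trust for Sigstore Policy Controller, as an added example that is not part of Call Theory's own configuration. The namespace name, policy name and authority name are assumptions, and the key body is a placeholder to be replaced with the contents of cosign.pub.

```yaml
# Namespace name "orbital" is an assumption; the policy controller only
# enforces in namespaces that carry this opt-in label.
apiVersion: v1
kind: Namespace
metadata:
  name: orbital
  labels:
    policy.sigstore.dev/include: "true"
---
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
  name: calltheory-orbital-signed   # hypothetical policy name
spec:
  images:
    # "**" also matches nested repository paths under orbital/
    - glob: "cr.calltheory.com/orbital/**"
  authorities:
    - name: calltheory-cosign-key   # hypothetical authority name
      key:
        hashAlgorithm: sha256
        # Placeholder: paste the full contents of cosign.pub here.
        data: |
          -----BEGIN PUBLIC KEY-----
          <contents of cosign.pub>
          -----END PUBLIC KEY-----
```

With this applied, pods in the labelled namespace whose images match the glob are admitted only if a signature validates against the key. The controller needs pull access to cr.calltheory.com to fetch signatures, so the workload's imagePullSecrets should hold the robot account credentials.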