calltheory/public-keys
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Call Theory public keys for container registry signing and verification
3 commits 1 branch 0 tags 29 KiB
Find a file
Patrick 8c0ab6996f Add calltheory.pub
2026-04-29 21:55:21 +00:00
calltheory.pub Add calltheory.pub 2026-04-29 21:55:21 +00:00
cosign.pub Add cosign.pub 2026-04-29 20:50:41 +00:00
README.md Add README.md 2026-04-29 20:56:05 +00:00

README.md

Public Keys

Call Theory public keys for verification of signed containers from our container registery.

Verifying Calltheory container images

All images published to cr.calltheory.com/orbital/* are signed with Cosign.

Install cosign

curl -sSL -o /usr/local/bin/cosign \
    https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64
chmod +x /usr/local/bin/cosign

Get the public key

curl -O https://git.calltheory.com/calltheory/public-keys/raw/branch/main/keys/cosign.pub

Verify an image

cosign verify --key cosign.pub cr.calltheory.com/orbital/smoketest@sha256:abc123...

Verify in Kubernetes

For automated verification, install Sigstore Policy Controller or similar admission controller and configure it to trust this key for images matching cr.calltheory.com/orbital/*.