From d14cc038f8d658eff8124b21d1a7524cd8aab72e Mon Sep 17 00:00:00 2001 From: Appu Date: Fri, 6 Sep 2024 09:53:21 -0400 Subject: [PATCH] Update README.md --- README.md | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 8a5dfbd57..e4045bfe0 100644 --- a/README.md +++ b/README.md 
@@ -50,33 +50,13 @@ Any other tags are considered deprecated and are no longer updated ## How do I verify distroless images? -All distroless images are signed by [cosign](https://github.com/sigstore/cosign). -We recommend verifying any distroless image you use before building your image. - -#### Keyless - -Distroless images are signed with cosign in keyless mode, this is the only supported mechanism starting November 2023. You can verify the keyless signature of any distroless image with: +All distroless images are signed by [cosign](https://github.com/sigstore/cosign) with emphemeral keys (keyless) -- this is the only supported mechanism starting November 2023. +We recommend verifying any distroless image you use before building your image. You can verify the keyless signature of any distroless image with: ``` cosign verify $IMAGE_NAME --certificate-oidc-issuer https://accounts.google.com --certificate-identity keyless@distroless.iam.gserviceaccount.com ``` -#### Key (DEPRECATED) - -Verifying using the distroless keys is deprecated in favor of keyless. These signing events are not uploaded to the transparency log. You can use the [distroless public key](cosign.pub) to verify any distroless image with: - -Images built after November 2023 will not be verifiable with `cosign.pub`, use keyless signature verification - -``` -cat cosign.pub ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWZzVzkb8A+DbgDpaJId/bOmV8n7Q -OqxYbK0Iro6GzSmOzxkn+N2AKawLyXi84WSwJQBK//psATakCgAQKkNTAA== ------END PUBLIC KEY----- - -cosign verify --key cosign.pub $IMAGE_NAME --insecure-ignore-tlog -``` - ### Entrypoints Note that distroless images by default do not contain a shell.
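Review bot: The added sentence `... signed by [cosign](https://github.com/sigstore/cosign) with emphemeral keys (keyless)` misspells "ephemeral"; please fix that before merging. The same hunk deletes the whole `Key (DEPRECATED)` section, including the line `Images built after November 2023 will not be verifiable with cosign.pub`, so the README no longer says anything about images built before that date. Anyone still pinned to an older digest loses the `cosign verify --key cosign.pub ... --insecure-ignore-tlog` instructions without being told whether the keyless command works for those images or whether they are simply unsupported; one sentence stating which would close that gap. If `cosign.pub` stays in the repository after this change, it is now unreferenced, so either remove it in the same patch or keep a short pointer to it. Dropping the `#### Keyless` heading also removes an anchor that existing links into the README may target. Keeping both `--certificate-oidc-issuer` and `--certificate-identity` in the retained command is right, since together they pin the expected signer.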