Generates a key-pair.
Generates a key-pair for signing.
cosign generate-key-pair [flags]
cosign generate-key-pair [--kms KMSPATH]
# generate key-pair and write to cosign.key and cosign.pub files
cosign generate-key-pair
# generate key-pair and write to custom named my-name.key and my-name.pub files
cosign generate-key-pair --output-key-prefix my-name
# generate a key-pair in Azure Key Vault
cosign generate-key-pair --kms azurekms://[VAULT_NAME][VAULT_URI]/[KEY]
# generate a key-pair in AWS KMS
cosign generate-key-pair --kms awskms://[ENDPOINT]/[ID/ALIAS/ARN]
# generate a key-pair in Google Cloud KMS
cosign generate-key-pair --kms gcpkms://projects/[PROJECT]/locations/global/keyRings/[KEYRING]/cryptoKeys/[KEY]
# generate a key-pair in Hashicorp Vault
cosign generate-key-pair --kms hashivault://[KEY]
# generate a key-pair in Kubernetes Secret
cosign generate-key-pair k8s://[NAMESPACE]/[NAME]
# generate a key-pair in GitHub
cosign generate-key-pair github://[OWNER]/[PROJECT_NAME]
# generate a key-pair in GitLab with project name
cosign generate-key-pair gitlab://[OWNER]/[PROJECT_NAME]
# generate a key-pair in GitLab with project id
cosign generate-key-pair gitlab://[PROJECT_ID]
CAVEATS:
This command interactively prompts for a password. You can use
the COSIGN_PASSWORD environment variable to provide one.
-h, --help help for generate-key-pair
--kms string create key pair in KMS service to use for signing
--output-key-prefix cosign name used for generated .pub and .key files (defaults to cosign) (default "cosign")
--output-file string log output to a file
-t, --timeout duration timeout for commands (default 3m0s)
-d, --verbose log debug output
- cosign - A tool for Container Signing, Verification and Storage in an OCI registry.