New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: PGP Signed Helm Chart #14

Open

mattfarina opened this issue Jun 11, 2021 · 1 comment

mattfarina commented Jun 11, 2021

Helm has a feature to sign and verify charts so that the provenance and integrity can be checked. Given that kubewarden is around security, this could be useful to use.

There is a plugin to make this easier with GPG.

On Artifact Hub there is a badge to show the provenance file. Here's an example. The badge shows up in search, too.

Member

viccuad commented Dec 2, 2022 •

edited

Loading

Just in case, we have been signing the Helm charts with Sigstore, and are published signed in ghcr.io.

See https://docs.kubewarden.io/tutorials/verifying-kubewarden.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment