Step SDS v0.2.2-rc22 (22-10-28)

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc22_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc22_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc22_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 80ab760 wip

Thanks!

Those were the changes on v0.2.2-rc22!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Step SDS v0.2.2-rc21 (22-10-28)

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc21_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc21_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc21_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• d34491c wip

Thanks!

Those were the changes on v0.2.2-rc21!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Step SDS v0.2.2-rc20 (22-10-28)

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc20_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc20_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc20_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 39daa17 wip

Thanks!

Those were the changes on v0.2.2-rc20!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Step SDS v0.2.2-rc19 (22-10-27)

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc19_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc19_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc19_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 8b7a6f9 forgot experimental flag

Thanks!

Those were the changes on v0.2.2-rc19!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Step SDS v0.2.2-rc18 (22-10-27)

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc18_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc18_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc18_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• cb88d4b cosign as part of docker workflow action

Thanks!

Those were the changes on v0.2.2-rc18!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Step SDS v0.2.2-rc17 (22-10-27)

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc17_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc17_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc17_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• eda0260 Remove cosign bit for now

Thanks!

Those were the changes on v0.2.2-rc17!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Step SDS v0.2.2-rc16 (22-10-27)

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc16_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc16_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc16_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 892b89d [action] get docker image digest for cosign

Thanks!

Those were the changes on v0.2.2-rc16!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Step SDS v0.2.2-rc15 (22-10-26)

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc15_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc15_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc15_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 0153a8c correct release date

Thanks!

Those were the changes on v0.2.2-rc15!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Step SDS v0.2.2-rc14 (${RELEASE_DATE})

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc14_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc14_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc14_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 62bae90 [action] cosign by container image name (not by tag)

Thanks!

Those were the changes on v0.2.2-rc14!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Step SDS v0.2.2-rc13 (${RELEASE_DATE})

Signatures and Checksums

step-sds uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  --certificate ~/Downloads/step-sds_darwin_0.2.2-rc13_amd64.tar.gz.pem \
  --signature ~/Downloads/step-sds_darwin_0.2.2-rc13_amd64.tar.gz.sig \
  ~/Downloads/step-sds_darwin_0.2.2-rc13_amd64.tar.gz

The checksums.txt file (in the 'Assets' section below) contains a checksum for every artifact in the release.

Changelog

• 5c40aa0 [action] keyless cosign for all release artifacts

Thanks!

Those were the changes on v0.2.2-rc13!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.