Keyless Code Signing Without Fulcio - Nathan Smith, Chainguard

less than 1 minute read

Abstract

Sigstore’s certificate authority Fulcio has popularized the idea of “keyless” signing. The keyless method makes signing hassle free by removing the need to manage private keys. Do you need to run Fulcio yourself if you want the same convenient signing flow, but you want your own trust root? No! In this talk, we’ll walk through the what keyless signing really means and how to configure existing PKI solutions like Vault and stepca to use it.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Keyless Code Signing Without Fulcio - Nathan Smith, Chainguard

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google