cimon-attest: Support for signing with Azure Key Vault stored key

[gerritlansing]

We use Azure Key Vault (HSM-backed) to store our signing keys. Would you be able to support signing provenance with Azure Key Vault backed keys?

[alex-ilgayev]

@gerritlansing, apologies for the delay. Thanks for raising the request!

We currently support keys given as input parameters in popular formats (RSA/EC) through PEM format, and we plan to extend the support to keys stored in cloud KMS, including Azure Key Vault. We don't have a specific timeline at the moment.

As a workaround, it is possible to fetch a short-lived signature key beforehand, through Azure CLI, such as az keyvault ..., and give the key as an input to the cimon-action action.

Let me know if it works for you, and I would love to hear additional feedback you have for the cimon attest capability!