Adjust the IAM queries for secret manager. #151
Merged
Chainguard Enforce / Enforce - Commit Signing
succeeded
Feb 16, 2024 in 0s
Successfully verified commit signature.
CLAIM | DESCRIPTION | |
---|---|---|
✅ | Found Git signature | |
✅ | Validated Git signature | |
✅ | Validated Rekor entry | |
✅ | Allowed by policy |
Details
Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 26448081956808857648269591611867284939000824256 (0x4a1f9175366980b30aafb25b408cc81b83cc1c0)
Signature Algorithm: ECDSA-SHA384
Issuer: O=sigstore.dev,CN=sigstore-intermediate
Validity
Not Before: Feb 16 16:36:36 2024 UTC
Not After : Feb 16 16:46:36 2024 UTC
Subject: Subject Public Key Info:
Public Key Algorithm: ECDSA
Public-Key: (256 bit)
X:
5a:3c:2d:f6:16:4f:92:b7:e9:0e:7f:3d:b7:fa:84:
1b:95:10:d8:a5:4f:19:ed:90:be:79:03:4d:5c:eb:
c2:25
Y:
d5:a6:de:96:c7:c3:a6:bf:09:ff:0e:3b:88:0f:fa:
94:b8:68:78:0a:87:18:ed:41:49:ce:01:11:ac:6e:
da:4b
Curve: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
X509v3 Subject Key Identifier:
24:8F:33:23:3B:C4:81:C8:C9:70:42:34:6B:7B:81:75:5A:8E:0E:7D
X509v3 Authority Key Identifier:
keyid:DF:D3:E9:CF:56:24:11:96:F9:A8:D8:E9:28:55:A2:C6:2E:18:64:3F
X509v3 Subject Alternative Name: critical
email:mattmoor@chainguard.dev
oidcIssuer:
https://accounts.google.com
Unknown extension 1.3.6.1.4.1.57264.1.8
Signed Certificate Timestamp:
BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABjbLG5lsAAAQDAEcwRQIgIvWRMh16/Oy8Jmdc0zsJR/Iz0gBCcCNwM/eY9ZzmnyICIQDY4Gu2NuJjGfhW06jCtKmOpoTRDiDdFHR/w89glQ2/Iw==
Signature Algorithm: ECDSA-SHA384
30:65:02:31:00:b2:29:71:48:9d:f2:13:e7:d8:1d:0b:96:d4:
ef:6c:14:ef:9d:b8:2e:d9:0a:09:50:2b:86:05:00:bb:d8:f2:
cc:86:29:4b:df:c3:c9:38:5f:41:86:37:93:30:1a:41:2c:02:
30:25:17:eb:17:06:50:b3:5f:78:14:1b:2e:88:7c:70:b5:74:
8e:92:b4:6e:df:48:e2:d8:6d:18:70:40:51:71:a2:54:5e:fa:
4c:f6:56:9a:be:8d:55:61:30:65:0f:b2:38
Rekor Entry
{
"body": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI3MmU3ZTVhNTI3YzM1NWNmM2QyZTI2NTVkMGYxZGU3MWUzZGUwYWNiMDdiNTlmYjViZGJhZmVmNTFhYTIwZTcwIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJQUZ3VXJPS0xZYTNGNERWVWt0cklOdmg2WitjNDFPVHU4K2t2MUx6ZEVrWUFpQVhxUDVBWi9hVDMxWHRDa1hKZkNvdUhNV25LZEFtTkVyR0h5UHJkaFhVemc9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTXdSRU5EUVd4aFowRjNTVUpCWjBsVlFrdElOVVl4VG0xdFFYTjNjWFp6YkhSQmFrMW5ZbWM0ZDJOQmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFJkMDFxUlRKTlZGbDZUbXBOTWxkb1kwNU5hbEYzVFdwRk1rMVVXVEJPYWsweVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZYYW5kME9XaGFVR3R5Wm5CRWJqZzVkQzl4UlVjMVZWRXlTMVpRUjJVeVVYWnVhMFFLVkZaNmNuZHBXRlp3ZERaWGVEaFBiWFozYmk5RWFuVkpSQzl4VlhWSGFEUkRiMk5aTjFWR1NucG5SVkp5UnpkaFV6WlBRMEZZVlhkblowWjRUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZLU1RoNkNrbDZka1ZuWTJwS1kwVkpNR0V6ZFVKa1ZuRlBSRzR3ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBwUldVUldVakJTUVZGSUwwSkNjM2RIV1VWWVlsZEdNR1JITVhaaU0wcEJXVEpvYUdGWE5XNWtWMFo1V2tNMWExcFlXWGRMVVZsTFMzZFpRZ3BDUVVkRWRucEJRa0ZSVVdKaFNGSXdZMGhOTmt4NU9XaFpNazUyWkZjMU1HTjVOVzVpTWpsdVlrZFZkVmt5T1hSTlEzTkhRMmx6UjBGUlVVSm5OemgzQ2tGUlowVklVWGRpWVVoU01HTklUVFpNZVRsb1dUSk9kbVJYTlRCamVUVnVZakk1Ym1KSFZYVlpNamwwVFVsSFMwSm5iM0pDWjBWRlFXUmFOVUZuVVVNS1FraDNSV1ZuUWpSQlNGbEJNMVF3ZDJGellraEZWRXBxUjFJMFkyMVhZek5CY1VwTFdISnFaVkJMTXk5b05IQjVaME00Y0Rkdk5FRkJRVWRPYzNOaWJRcFhkMEZCUWtGTlFWSjZRa1pCYVVGcE9WcEZlVWhZY2pnM1RIZHRXakY2VkU5M2JFZzRhbEJUUVVWS2Qwa3pRWG81TldveGJrOWhaa2xuU1doQlRtcG5DbUUzV1RJMGJVMWFLMFppVkhGTlN6QnhXVFp0YUU1RlQwbE9NRlZrU0M5RWVqSkRWa1JpT0dwTlFXOUhRME54UjFOTk5EbENRVTFFUVRKblFVMUhWVU1LVFZGRGVVdFlSa2x1WmtsVU5UbG5aRU0xWWxVM01uZFZOelV5TkV4MGEwdERWa0Z5YUdkVlFYVTVhbmw2U1Zsd1V6a3ZSSGxVYUdaUldWa3phM3BCWVFwUlUzZERUVU5WV0RaNFkwZFZURTVtWlVKUllreHZhRGhqVEZZd2FuQkxNR0owT1VrMGRHaDBSMGhDUVZWWVIybFdSamMyVkZCYVYyMXlOazVXVjBWM0NscFJLM2xQUVQwOUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19",
"integratedTime": 1708101396,
"logID": "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d",
"logIndex": 71856603,
"verification": {
"inclusionProof": {
"checkpoint": "rekor.sigstore.dev - 2605736670972794746\n67693382\n17ERc/2Mhw4qRZWooGWz0sLZuCQKxiBay6dfCwuMY4k=\nTimestamp: 1708101535522276004\n\n— rekor.sigstore.dev wNI9ajBFAiEAhhEZTGiLnEbbPwjegrQatGHpVKnIpm7m3UDf6oyViyoCIFWy/LEjVYN85DM3mGUUaBapd32rFCi44WSgCqaDsLUo\n",
"hashes": [
"9c584379ae4c7111c581b92e596f42295344302373f8e7d23648b7b013c8037c",
"f26aa8d4c48a708219a12a7a2c793a6e37ecc065618502fae9f1074813d3f302",
"f18c9968b318553e5e51e96e1cd2656ee02cacfffb7f0fe195e3ecff732121af",
"aa2b280bd1be4e010c9f7c3c9f72765f22f23953fd4f1942d5ce8d00800c17bb",
"6d0c358d6ea69666c0b6327e132843fc3009c384408bfe1f3ef37d1ccae4d85c",
"85d20e2e146f6cd6f51c773297d8899ecc1b3781735d16afd50785b2ba6bd467",
"5b3239bff93a6df34409ab9b8167116cf316ca7c13fe38c966c95e933ea786b7",
"595cd29a0996eb38221787a084acf50d5645040ef199b6d58598de1e1b4f38e6",
"4833160062673c95b124e92ab08776524f677801fc1ed95aa4866cc6cdc2c685",
"5390b77da7fd88759abaf16c80835e445edff63e82349c2dd85f77cf454d3099",
"38b31bd8736b94b75d30bad7b4b7bcf82db63b66322f2984fcd784bb61ba5e09",
"a74fcc455bb105c210b092345c67708a75706af5dab5186307120ae573722985",
"d4b4b66db6ee1fc262b5c59b2f2ccabe828cd363f233b5f876c4fee2d1075413",
"b982441762b9e7d8a1a7968d5c7f2b385f2900c65518624f52c196aeb54aa627",
"5a8eeccd87f0d7076ac6de63efb63466d90a82f7b5227d665a2dfd7471498cb8",
"f7c7a7ccc682fb1e6808cbc8650039cfcbeed9aa4330216f13ff77e4d7ee3f0f"
],
"logIndex": 67693172,
"rootHash": "d7b11173fd8c870e2a4595a8a065b3d2c2d9b8240ac6205acba75f0b0b8c6389",
"treeSize": 67693382
},
"signedEntryTimestamp": "MEYCIQDuJ6nDcHtSL50r9gwhX/TscRhLqPG0grlGrlrzwxz27wIhAJr729/bZeVh6qdv/7F3Uqn01dP8FojkeUzjjmt5NWH0"
}
}
Loading