You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cosign verify \
--key https://artifacts.elastic.co/cosign.pub \
elastic/elasticsearch:8.8.0
Verification for index.docker.io/elastic/elasticsearch:8.8.0 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- The signatures were verified against the specified public key
[{"critical":{"identity":{"docker-reference":"docker.elastic.co/elasticsearch/elasticsearch"},"image":{"docker-manifest-digest":"sha256:9aaa38551b4d9e655c54d9dc6a1dad24ee568c41952dc8cf1d4808513cfb5f65"},"type":"cosign container image signature"},"optional":{"Bundle":{"SignedEntryTimestamp":"MEUCIB6wscj/N6wUOhMq9pFSgaaji3d5HlOLsz2xiI40aW0mAiEA6nvDSPSwwfShSVbILUTbMFqVAfPWvrB5XXz13htMlUQ=","Payload":{"body":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIzZmYzZDIzZWVmOTliMDI3YWMzNjE2YWY2ZWQyZTk4MjgyMDRkOTY0MTU0MTQ4MzJiZTU5YThhMzAzZmRjN2YzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURIenVoV3pibkZsSUxVallMN2MxWm9TaVh3NzVPdmF2SldLVGsvcGRSQUhRSWhBS2hZSS9KTXZtNWJ6M3k2ajdvSzFQc2ZxUUQ0K01lQS9uSFB2a3F4UzIzVyIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCUVZVSk1TVU1nUzBWWkxTMHRMUzBLVFVacmQwVjNXVWhMYjFwSmVtb3dRMEZSV1VsTGIxcEplbW93UkVGUlkwUlJaMEZGY1ZaMlRtUlJkR1JrZEdWdGRtWmpWV1V5VGpCbloxZ3ZjSFJxYVFwRlZYRjRlakp3UkZVM1ZWYzFiVE53WkcxSU1UTnJUVXR3ZURselJqUjJWVFZLVDJVM1ZYSXJSazVJVERkaFlXaE1hbWRIWXpBNGRXUkJQVDBLTFMwdExTMUZUa1FnVUZWQ1RFbERJRXRGV1MwdExTMHRDZz09In19fX0=","integratedTime":1685024464,"logIndex":21642671,"logID":"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"}},"tag":"8.8.0"}}]
Elasticsearch - Elastic Container Registry
cosign verify \
--key https://artifacts.elastic.co/cosign.pub \
docker.elastic.co/elasticsearch/elasticsearch:8.8.0
Verification for docker.elastic.co/elasticsearch/elasticsearch:8.8.0 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- The signatures were verified against the specified public key
[{"critical":{"identity":{"docker-reference":"docker.elastic.co/elasticsearch/elasticsearch"},"image":{"docker-manifest-digest":"sha256:9aaa38551b4d9e655c54d9dc6a1dad24ee568c41952dc8cf1d4808513cfb5f65"},"type":"cosign container image signature"},"optional":{"Bundle":{"SignedEntryTimestamp":"MEUCIB6wscj/N6wUOhMq9pFSgaaji3d5HlOLsz2xiI40aW0mAiEA6nvDSPSwwfShSVbILUTbMFqVAfPWvrB5XXz13htMlUQ=","Payload":{"body":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIzZmYzZDIzZWVmOTliMDI3YWMzNjE2YWY2ZWQyZTk4MjgyMDRkOTY0MTU0MTQ4MzJiZTU5YThhMzAzZmRjN2YzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURIenVoV3pibkZsSUxVallMN2MxWm9TaVh3NzVPdmF2SldLVGsvcGRSQUhRSWhBS2hZSS9KTXZtNWJ6M3k2ajdvSzFQc2ZxUUQ0K01lQS9uSFB2a3F4UzIzVyIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCUVZVSk1TVU1nUzBWWkxTMHRMUzBLVFVacmQwVjNXVWhMYjFwSmVtb3dRMEZSV1VsTGIxcEplbW93UkVGUlkwUlJaMEZGY1ZaMlRtUlJkR1JrZEdWdGRtWmpWV1V5VGpCbloxZ3ZjSFJxYVFwRlZYRjRlakp3UkZVM1ZWYzFiVE53WkcxSU1UTnJUVXR3ZURselJqUjJWVFZLVDJVM1ZYSXJSazVJVERkaFlXaE1hbWRIWXpBNGRXUkJQVDBLTFMwdExTMUZUa1FnVUZWQ1RFbERJRXRGV1MwdExTMHRDZz09In19fX0=","integratedTime":1685024464,"logIndex":21642671,"logID":"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"}},"tag":"8.8.0"}}]
Elasticsearch - AWS ECR registry
cosign verify \
--key https://artifacts.elastic.co/cosign.pub \
public.ecr.aws/elastic/elasticsearch:8.8.0
Verification for public.ecr.aws/elastic/elasticsearch:8.8.0 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- The signatures were verified against the specified public key
[{"critical":{"identity":{"docker-reference":"docker.elastic.co/elasticsearch/elasticsearch"},"image":{"docker-manifest-digest":"sha256:9aaa38551b4d9e655c54d9dc6a1dad24ee568c41952dc8cf1d4808513cfb5f65"},"type":"cosign container image signature"},"optional":{"Bundle":{"SignedEntryTimestamp":"MEUCIB6wscj/N6wUOhMq9pFSgaaji3d5HlOLsz2xiI40aW0mAiEA6nvDSPSwwfShSVbILUTbMFqVAfPWvrB5XXz13htMlUQ=","Payload":{"body":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIzZmYzZDIzZWVmOTliMDI3YWMzNjE2YWY2ZWQyZTk4MjgyMDRkOTY0MTU0MTQ4MzJiZTU5YThhMzAzZmRjN2YzIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURIenVoV3pibkZsSUxVallMN2MxWm9TaVh3NzVPdmF2SldLVGsvcGRSQUhRSWhBS2hZSS9KTXZtNWJ6M3k2ajdvSzFQc2ZxUUQ0K01lQS9uSFB2a3F4UzIzVyIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCUVZVSk1TVU1nUzBWWkxTMHRMUzBLVFVacmQwVjNXVWhMYjFwSmVtb3dRMEZSV1VsTGIxcEplbW93UkVGUlkwUlJaMEZGY1ZaMlRtUlJkR1JrZEdWdGRtWmpWV1V5VGpCbloxZ3ZjSFJxYVFwRlZYRjRlakp3UkZVM1ZWYzFiVE53WkcxSU1UTnJUVXR3ZURselJqUjJWVFZLVDJVM1ZYSXJSazVJVERkaFlXaE1hbWRIWXpBNGRXUkJQVDBLTFMwdExTMUZUa1FnVUZWQ1RFbERJRXRGV1MwdExTMHRDZz09In19fX0=","integratedTime":1685024464,"logIndex":21642671,"logID":"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"}},"tag":"8.8.0"}}]
The text was updated successfully, but these errors were encountered:
Hi,
Starting with 8.8.0, the Elastic images are now signed with Cosign Sigstore as you can see below.
Do you have plans to support signing the "library" images?
Or even better a way for us to push our signed images there similar to the
elastic
images?Thanks
cc @tianon
Elasticsearch - Docker Hub Elastic repository
Elasticsearch - Elastic Container Registry
Elasticsearch - AWS ECR registry
The text was updated successfully, but these errors were encountered: