Skip to content
This repository has been archived by the owner on Apr 9, 2024. It is now read-only.

Add trusted builder key to Endorsement Release Authorization Logic Policy #97

Closed
Tracked by #91
aferr opened this issue Jun 20, 2022 · 1 comment
Closed
Tracked by #91

Add trusted builder key to Endorsement Release Authorization Logic Policy #97

aferr opened this issue Jun 20, 2022 · 1 comment

Comments

@aferr
Copy link
Contributor

aferr commented Jun 20, 2022

From what @rbehjati tells me, the outputs of trusted builders like Github Actions and Google Cloud Build will be signed using a unique keypair for these trusted builders. This signing does not yet exist (even independently of authorization logic), but we should add the relevant keys into the authorization logic policy once the signing is set up.

I think I heard that @mariaschett is working on adding key management for this (?).

Do either of you have more relevant details for this?
@aferr aferr mentioned this issue Jun 20, 2022
Closed
6 tasks
@rbehjati
Copy link
Contributor

We have this issue on Oak for tracking the signing of the Oak provenances: project-oak/oak#2626, but we are still working out the details.

@aferr aferr mentioned this issue Jun 21, 2022
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aferr @rbehjati