OIDC Signing with Github now production ready? #120

J12934 · 2023-04-28T12:44:55Z

Question

Hi 👋

The readme here says that OIDC signing from this action is not production ready yet.
The cosign docs page on OIDC signing states that OIDC signing is now not experimental anymore: https://docs.sigstore.dev/cosign/openid_signing/

Identity-based signing is now fully supported in Cosign.

Does this also mean that OIDC based signing from Github Actions is production ready?

Thank you 🙌

cpanato · 2023-05-16T06:47:15Z

yes, we can consider production ready, several projects are using that already :)

thanks, will close this issue

See comment in sigstore#120 Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>

See comment in #120 Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>

J12934 added the question Further information is requested label Apr 28, 2023

cpanato closed this as completed May 16, 2023

J12934 added a commit to iteratec/cosign-installer that referenced this issue May 16, 2023

Remove warning about OIDC signing being experimental

cd9b5d9

See comment in sigstore#120 Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>

J12934 mentioned this issue May 16, 2023

Remove warning about signing GitHub OIDC Tokens being experimental #123

Merged

cpanato pushed a commit that referenced this issue May 17, 2023

Remove warning about OIDC signing being experimental (#123)

87f4580

See comment in #120 Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OIDC Signing with Github now production ready? #120

OIDC Signing with Github now production ready? #120

J12934 commented Apr 28, 2023

cpanato commented May 16, 2023

OIDC Signing with Github now production ready? #120

OIDC Signing with Github now production ready? #120

Comments

J12934 commented Apr 28, 2023

cpanato commented May 16, 2023