diff --git a/doc/cosign_attest-blob.md b/doc/cosign_attest-blob.md index 63a3068ad68..a6baddae9f2 100644 --- a/doc/cosign_attest-blob.md +++ b/doc/cosign_attest-blob.md @@ -36,8 +36,8 @@ cosign attest-blob [flags] --bundle string write everything required to verify the blob to a FILE --certificate string path to the X.509 certificate in PEM format to include in the OCI Signature --certificate-chain string path to a list of CA X.509 certificates in PEM format which will be needed when building the certificate chain for the signing certificate. Must start with the parent intermediate CA certificate of the signing certificate and end with the root certificate. Included in the OCI Signature - --fulcio-url string address of sigstore PKI server (default "https://fulcio.sigstore.dev") --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. + --fulcio-url string address of sigstore PKI server (default "https://fulcio.sigstore.dev") --hash string hash of blob in hexadecimal (base16). Used if you want to sign an artifact stored elsewhere and have the hash -h, --help help for attest-blob --identity-token string identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted. diff --git a/doc/cosign_attest.md b/doc/cosign_attest.md index cb7bdc4e152..27158c333d4 100644 --- a/doc/cosign_attest.md +++ b/doc/cosign_attest.md @@ -47,10 +47,10 @@ cosign attest [flags] --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] --certificate string path to the X.509 certificate in PEM format to include in the OCI Signature --certificate-chain string path to a list of CA X.509 certificates in PEM format which will be needed when building the certificate chain for the signing certificate. Must start with the parent intermediate CA certificate of the signing certificate and end with the root certificate. Included in the OCI Signature + --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. --fulcio-url string address of sigstore PKI server (default "https://fulcio.sigstore.dev") -h, --help help for attest --identity-token string identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted. - --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. --insecure-skip-verify skip verifying fulcio published to the SCT (this should only be used for testing). --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). --key string path to the private key file, KMS URI or Kubernetes Secret diff --git a/doc/cosign_sign-blob.md b/doc/cosign_sign-blob.md index e9f1d466411..8bd0c42075a 100644 --- a/doc/cosign_sign-blob.md +++ b/doc/cosign_sign-blob.md @@ -38,10 +38,10 @@ cosign sign-blob [flags] ``` --b64 whether to base64 encode the output (default true) --bundle string write everything required to verify the blob to a FILE + --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. --fulcio-url string address of sigstore PKI server (default "https://fulcio.sigstore.dev") -h, --help help for sign-blob --identity-token string identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted. - --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. --insecure-skip-verify skip verifying fulcio published to the SCT (this should only be used for testing). --issue-certificate issue a code signing certificate from Fulcio, even if a key is provided --key string path to the private key file, KMS URI or Kubernetes Secret diff --git a/doc/cosign_sign.md b/doc/cosign_sign.md index 121b8997587..584be6cadf0 100644 --- a/doc/cosign_sign.md +++ b/doc/cosign_sign.md @@ -79,10 +79,10 @@ cosign sign [flags] --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] --certificate string path to the X.509 certificate in PEM format to include in the OCI Signature --certificate-chain string path to a list of CA X.509 certificates in PEM format which will be needed when building the certificate chain for the signing certificate. Must start with the parent intermediate CA certificate of the signing certificate and end with the root certificate. Included in the OCI Signature + --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. --fulcio-url string address of sigstore PKI server (default "https://fulcio.sigstore.dev") -h, --help help for sign --identity-token string identity token to use for certificate from fulcio. the token or a path to a file containing the token is accepted. - --fulcio-auth-flow string fulcio interactive oauth2 flow to use for certificate from fulcio. Defaults to determining the flow based on the runtime environment. --insecure-skip-verify skip verifying fulcio published to the SCT (this should only be used for testing). --issue-certificate issue a code signing certificate from Fulcio, even if a key is provided --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity).