diff --git a/README.md b/README.md
index 7b38ea94..01efc0e5 100644
--- a/README.md
+++ b/README.md
@@ -66,20 +66,25 @@ The following config options are supported:
| issuer | https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
| redirectURL | | OIDC Redirect URL |
| rekor | https://rekor.sigstore.dev | Address of Rekor server |
-| connectorID | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:
- `https://github.com/login/oauth`
- `https://accounts.google.com`
- `https://login.microsoftonline.com`|
+| connectorID | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:
- `https://github.com/login/oauth`
- `https://accounts.google.com`
- `https://login.microsoftonline.com` |
### Environment Variables
-| Environment Variable | Default | Description |
-| ------------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| GITSIGN_CREDENTIAL_CACHE | | Optional path to [gitsign-credential-cache](cmd/gitsign-credential-cache/README.md) socket. |
-| GITSIGN_CONNECTOR_ID | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:
- `https://github.com/login/oauth`
- `https://accounts.google.com`
- `https://login.microsoftonline.com`|
-| GITSIGN_FULCIO_URL | https://fulcio.sigstore.dev | Address of Fulcio server |
-| GITSIGN_LOG | | Path to log status output. Helpful for debugging when no TTY is available in the environment. |
-| GITSIGN_OIDC_CLIENT_ID | sigstore | OIDC client ID for application |
-| GITSIGN_OIDC_ISSUER | https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
-| GITSIGN_OIDC_REDIRECT_URL | | OIDC Redirect URL |
-| GITSIGN_REKOR_URL | https://rekor.sigstore.dev | Address of Rekor server |
+| Environment Variable | Sigstore
Prefix | Default | Description |
+| ------------------------- | ------------------ | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| GITSIGN_CREDENTIAL_CACHE | ❌ | | Optional path to [gitsign-credential-cache](cmd/gitsign-credential-cache/README.md) socket. |
+| GITSIGN_CONNECTOR_ID | ✅ | | Optional Connector ID to auto-select to pre-select auth flow to use. For the public sigstore instance, valid values are:
- `https://github.com/login/oauth`
- `https://accounts.google.com`
- `https://login.microsoftonline.com` |
+| GITSIGN_FULCIO_URL | ✅ | https://fulcio.sigstore.dev | Address of Fulcio server |
+| GITSIGN_LOG | ❌ | | Path to log status output. Helpful for debugging when no TTY is available in the environment. |
+| GITSIGN_OIDC_CLIENT_ID | ✅ | sigstore | OIDC client ID for application |
+| GITSIGN_OIDC_ISSUER | ✅ | https://oauth2.sigstore.dev/auth | OIDC provider to be used to issue ID token |
+| GITSIGN_OIDC_REDIRECT_URL | ✅ | | OIDC Redirect URL |
+| GITSIGN_REKOR_URL | ✅ | https://rekor.sigstore.dev | Address of Rekor server |
+
+For environment variables that support `Sigstore Prefix`, the values may be
+provided with either a `GITSIGN_` or `SIGSTORE_` prefix - e.g.
+`GITSIGN_CONNECTOR_ID` or `SIGSTORE_CONNECTOR_ID`. If both environment variables
+are set, `GITSIGN_` prefix takes priority.
## Usage
diff --git a/internal/config/config.go b/internal/config/config.go
index cc4c9dd7..8ef2b12a 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -15,6 +15,7 @@
package config
import (
+ "fmt"
"os"
"github.com/go-git/go-git/v5"
@@ -77,13 +78,19 @@ func getWithRepo(repo *git.Repository) (*Config, error) {
}
// Get values from env vars
- out.Fulcio = envOrValue("GITSIGN_FULCIO_URL", out.Fulcio)
- out.Rekor = envOrValue("GITSIGN_REKOR_URL", out.Rekor)
- out.ClientID = envOrValue("GITSIGN_OIDC_CLIENT_ID", out.ClientID)
- out.RedirectURL = envOrValue("GITSIGN_OIDC_REDIRECT_URL", out.RedirectURL)
- out.Issuer = envOrValue("GITSIGN_OIDC_ISSUER", out.Issuer)
+
+ // Check for common environment variables that could be shared with other
+ // Sigstore tools. Gitsign envs should take precedence.
+ for _, prefix := range []string{"SIGSTORE", "GITSIGN"} {
+ out.Fulcio = envOrValue(fmt.Sprintf("%s_FULCIO_URL", prefix), out.Fulcio)
+ out.Rekor = envOrValue(fmt.Sprintf("%s_REKOR_URL", prefix), out.Rekor)
+ out.ClientID = envOrValue(fmt.Sprintf("%s_OIDC_CLIENT_ID", prefix), out.ClientID)
+ out.RedirectURL = envOrValue(fmt.Sprintf("%s_OIDC_REDIRECT_URL", prefix), out.RedirectURL)
+ out.Issuer = envOrValue(fmt.Sprintf("%s_OIDC_ISSUER", prefix), out.Issuer)
+ out.ConnectorID = envOrValue(fmt.Sprintf("%s_CONNECTOR_ID", prefix), out.ConnectorID)
+ }
+
out.LogPath = envOrValue("GITSIGN_LOG", out.LogPath)
- out.ConnectorID = envOrValue("GITSIGN_CONNECTOR_ID", out.ConnectorID)
return out, nil
}
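Review bot: The precedence in the new loop rests entirely on the slice order `[]string{"SIGSTORE", "GITSIGN"}`, and the comment above it does not say so. I would add `// Order matters: each pass overwrites the previous one, so GITSIGN must stay last.` so that reordering or appending a prefix later does not silently flip which variable wins. This block appears to run after the config-derived values are populated, so a `SIGSTORE_FULCIO_URL`, `SIGSTORE_REKOR_URL` or `SIGSTORE_OIDC_ISSUER` exported for another Sigstore tool would now also replace the Fulcio, Rekor and issuer endpoints gitsign signs against. That widening of the trust inputs deserves a sentence in the function's doc comment, and ideally a log entry naming the variable that supplied each value. Whether an empty `GITSIGN_*` value masks a set `SIGSTORE_*` one depends on `envOrValue`, which is not visible here; getWithRepo itself starts outside the hunk.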
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index 73b3c05a..d5ef4d32 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -65,6 +65,13 @@ func TestGet(t *testing.T) {
// This just overrides default value.
t.Setenv("GITSIGN_OIDC_ISSUER", "tacocat")
+ // Recognize SIGSTORE prefixes.
+ t.Setenv("SIGSTORE_OIDC_REDIRECT_URL", "example.com")
+
+ // GITSIGN prefix takes priority over SIGSTORE.
+ t.Setenv("SIGSTORE_CONNECTOR_ID", "foo")
+ t.Setenv("GITSIGN_CONNECTOR_ID", "bar")
+
want := &Config{
// Default overridden by config
Fulcio: "example.com",
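Review bot: The added cases cover the `SIGSTORE_` prefix only for `RedirectURL` and the precedence rule only for `ConnectorID`, so the endpoints that decide where signing material goes (`SIGSTORE_FULCIO_URL`, `SIGSTORE_REKOR_URL`, `SIGSTORE_OIDC_ISSUER`) are not pinned. A table-driven subtest that sets each `SIGSTORE_*` name alone, and then together with its `GITSIGN_*` counterpart, would catch a typo in any of the six `fmt.Sprintf` suffixes. `SIGSTORE_OIDC_REDIRECT_URL` is also set to `"example.com"`, the same value `Fulcio` already expects, so a distinct value such as `"redirect.example.com"` would make a failure easier to read. TestGet begins outside this hunk and the `want` literal continues in the next one.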
@@ -73,7 +80,9 @@ func TestGet(t *testing.T) {
// Default value
ClientID: "sigstore",
// Overridden by env var
- Issuer: "tacocat",
+ Issuer: "tacocat",
+ RedirectURL: "example.com",
+ ConnectorID: "bar",
}
got, err := getWithRepo(repo)