Importing Key Pairs
cosign currently supports importing only RSA and ECDSA private keys in PEM format.
Import a Key Pair
To use a local key not generated by cosign for signing, the key must be imported. To use a key stored in a KMS, importing is not necessary and the key can be specified by resource name.
Import a key pair with cosign as follows:
$ cosign import-key-pair --key opensslrsakey.pem
Enter password for private key:
Enter password for private key again:
Private key written to import-cosign.key
Public key written to import-cosign.pub
Sign a Container with an Imported Key Pair
Use the imported key pair to sign an artifact with cosign as follows:
$ cosign sign --key import-cosign.key $IMAGE_DIGEST
Enter password for private key:
tlog entry created with index: *****
Pushing signature to: *****