Keyless private OCI artifacts signing and public rekor server

[bozho]

Hi,

I'm testing out keyless signing of OCI artefacts with GitHub actions. We use private repositories, and our OCI artefacts are not public. Flux OCI repository docs say:

For publicly available OCI artifacts, which are signed using the Cosign Keyless procedure, you can enable the verification by omitting the .verify.secretRef field.

Are there any risks involved using keyless signing/verification for private OCI artefacts? I'm aware that cosign uses public Rekor server and that those entries are publicly available, but that's just signature and a bit of related metadata, right?

I tried examining Body.HashedRekordObj.signature.content for our entries and it looks like binary base64-encoded data. There is no Body.HashedRekordObj.signature.format field, mentioned in some of Cosign/Rekor examples.

Thank you!

[matheuscscp]

It's fine, you can use cosign keyless in GitHub Actions for private OCI registries and artifacts. I use it for private ECR repositories. We push and sign them with an IAM Role in the GitHub Action and do the same in-cluster to pull and verify. In the OCIRepository API you can specify in the verification configuration the OIDC Issuer used for cosign and the GitHub Actions workflow URL (including the Git reference). The signature identity will have to match these rules in the verification.

[bozho]

I know I can (I have it working), I was wondering should I, given that the signature and metadata gets stored on a publicly available rekor server :-)

When I fetch the record from the server, I don't see any personal/sensitive metadata, so I'm thinking we're good. I just wanted to double check.