
Cosign tutorial - signing OCI artifacts


Cosign allows us to sign our container images and verify their integrity when pulling them from our registry. This repository is a tutorial on how to use cosign to sign your OCI artifacts.

Cosign is part of sigstore, an effort to introduce a new standard for signing, verifying and protecting software.

Tutorial

Generate a key pair

Generate a key pair that will be used to sign your OCI artifacts / container images.

❯ cosign generate-key-pair
Enter password for private key:
Enter again:
Private key written to cosign.key
Public key written to cosign.pub

Make sure you save your password, as you will need it to sign OCI artifacts.


Sign OCI artifacts

Now you have everything needed from cosign to sign an OCI artifact. For this step, you will need write access to a registry, as well as a container image.

Demo image:

❯ docker pull docker.io/library/nginx:latest
❯ docker tag docker.io/library/nginx:latest ghcr.io/avisi-cloud/cosign-tutorial-nginx:latest

Sign the artifact:

❯ cosign sign --key cosign.key ghcr.io/avisi-cloud/cosign-tutorial-nginx:latest

Note that the image should already be present in the registry, otherwise you will receive an error:

Error: signing [ghcr.io/avisi-cloud/cosign-tutorial-nginx:latest]: accessing entity: entity not found in registry
main.go:46: error during command execution: signing [ghcr.io/avisi-cloud/cosign-tutorial-nginx:latest]: accessing entity: entity not found in registry

When signing the image:

❯ cosign sign --key cosign.key ghcr.io/avisi-cloud/cosign-tutorial-nginx:latest
Enter password for private key: 
Pushing signature to: ghcr.io/avisi-cloud/cosign-tutorial-nginx

Verify our signature

You can verify in GitHub Packages that this image has been signed:


Note that this image now carries two tags: latest and a sha256-<digest>.sig tag.

sha256-3536d368b898eef291fb1f6d184a95f8bc1a6f863c48457395aab859fda354d1.sig is the signature created and pushed by cosign. Cosign looks up this tag when verifying the image against the public key.

You can verify this through the CLI using cosign verify:

❯ cosign verify --key cosign.pub ghcr.io/avisi-cloud/cosign-tutorial-nginx:latest

Verification for ghcr.io/avisi-cloud/cosign-tutorial-nginx:latest --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

[{"critical":{"identity":{"docker-reference":"ghcr.io/avisi-cloud/cosign-tutorial-nginx"},"image":{"docker-manifest-digest":"sha256:3536d368b898eef291fb1f6d184a95f8bc1a6f863c48457395aab859fda354d1"},"type":"cosign container image signature"},"optional":null}]

Using GitHub Actions

You can automate the signing of your container images with GitHub Actions. To do so, you need the following:

First, add the cosign.key and its password as action secrets, either at the project level or as GitHub organisation secrets.


Set-up action

You can set-up cosign by using the following job step:

jobs:
  build-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      # install cosign
      - name: Set up cosign
        uses: sigstore/cosign-installer@main

      # log in to the ghcr registry
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

You can also verify the base image in your Dockerfile. This allows you to make sure the base image used is from a trusted source.

      - name: Verify base image
        run: |
          cosign dockerfile verify --base-image-only --key https://github.com/GoogleContainerTools/distroless Dockerfile

Next build and publish your container image to the registry:

      - name: Publish container image
        uses: docker/build-push-action@v3
        with:
          push: true
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          tags: |
            ghcr.io/avisi-cloud/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
          labels: |
            org.opencontainers.image.title=${{ github.event.repository.name }}
            org.opencontainers.image.description=${{ github.event.repository.description }}
            org.opencontainers.image.url=${{ github.event.repository.html_url }}
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.version=${{ env.VERSION }}

Note that this entire process will work with any container registry, not just ghcr.

Now we can sign the images we just published to our registry by using cosign sign with the cosign.key and password we stored as our organisation or project secret:

      - name: sign container image
        run: |
            cosign sign --key env://COSIGN_KEY ghcr.io/avisi-cloud/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
        shell: bash
        env:
          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

As a final step, we can verify that the entire signing process worked as expected by running cosign verify as the last step in the action workflow:

      - name: Check images
        run: |
          docker buildx imagetools inspect ghcr.io/avisi-cloud/${IMAGE_NAME}:${{ env.VERSION }}
          docker pull ghcr.io/avisi-cloud/${IMAGE_NAME}:${{ env.VERSION }}
          cosign verify --key cosign.pub ghcr.io/avisi-cloud/${IMAGE_NAME}:${{ env.VERSION }}
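An added example (not part of the tutorial) of the checks a CI job can run on top of the Check images step, using the cosign verify output shown in the "Verify our signature" section: deriving the .sig tag name from a manifest digest, comparing the signed docker-reference and docker-manifest-digest claims with the image actually pulled, and verifying by digest instead of by tag. The SAMPLE_CLAIMS JSON is the verify output printed earlier; sig_tag_for_digest, claim_field, check_claims and verify_pinned are this example's own names.

```shell
# Added example, not part of the tutorial: helpers for checking what `cosign verify`
# reports before a CI job trusts an image. SAMPLE_CLAIMS is the JSON the tutorial's
# `cosign verify` run printed; the function names are this example's own.
set -eu

SAMPLE_CLAIMS='[{"critical":{"identity":{"docker-reference":"ghcr.io/avisi-cloud/cosign-tutorial-nginx"},"image":{"docker-manifest-digest":"sha256:3536d368b898eef291fb1f6d184a95f8bc1a6f863c48457395aab859fda354d1"},"type":"cosign container image signature"},"optional":null}]'

# Tag under which cosign stores the signature for a manifest digest:
# "sha256:<hex>" becomes "sha256-<hex>.sig" (the tag seen in GitHub Packages).
sig_tag_for_digest() {
  case "$1" in
    sha256:*) printf 'sha256-%s.sig\n' "${1#sha256:}" ;;
    *) echo "unsupported digest: $1" >&2; return 1 ;;
  esac
}

# Extract one string field from the claims JSON with sed, so the check needs no jq.
claim_field() {
  printf '%s' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# Check the signed claims against the image we intend to run: the repository must
# match and the signed manifest digest must be the digest we pulled.
# Returns 0 on match, 1 otherwise.
check_claims() {
  local want_repo="$2" want_digest="$3" got_repo got_digest
  got_repo=$(claim_field "$1" docker-reference)
  got_digest=$(claim_field "$1" docker-manifest-digest)
  [ "$got_repo" = "$want_repo" ] && [ "$got_digest" = "$want_digest" ]
}

# Verify by digest rather than by tag: a tag can be moved between the verify and
# the pull, a digest cannot. Needs docker and cosign on the runner, so it is not
# exercised offline. Usage: verify_pinned cosign.pub ghcr.io/org/image:tag
verify_pinned() {
  local key="$1" ref="$2" repo_digest out
  docker pull "$ref" >/dev/null
  repo_digest=$(docker image inspect --format '{{index .RepoDigests 0}}' "$ref")
  out=$(cosign verify --key "$key" "$repo_digest")
  check_claims "$out" "${repo_digest%@*}" "${repo_digest#*@}"
}
```

In the workflow above, replacing the last cosign verify line with verify_pinned cosign.pub ghcr.io/avisi-cloud/${IMAGE_NAME}:${{ env.VERSION }} fails the job when the signed claims do not match the pulled image.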

You can see a full example here.


GitLab CI Pipelines

This is also possible in GitLab CI or any other CI service. Here is an example for GitLab:

License

MIT
