Keyless Git signing using Sigstore
gitsign show
- Prints out in-toto Statement for the specified commit.gitsign attest
- Stores attestations for a commit / tree in the repository.fulcioRoot
option for configuring private Sigstore instances.gitsign show
subcommand. by @wlynch in https://github.com/sigstore/gitsign/pull/191
Full Changelog: https://github.com/sigstore/gitsign/compare/v0.3.2...v0.4.0
Full Changelog: https://github.com/sigstore/gitsign/compare/v0.3.1...v0.3.2
.gitconfig support - You can now configure Gitsign with your ~/.gitconfig
and/or .git/config
files! See File Config for more details.
$ git config gitsign.fulcio https://fulcio.example.com
$ cat ~/.gitconfig
[gitsign]
fulcio = https://fulcio.example.com
Dex connector configuration - You can now configure the Dex connector ID to use when authenticating. This can help speed up workflows by pre-selecting the identity provider to use when signing in. For example, to always sign in with GitHub:
$ git config gitsign.connectorID https://github.com/login/oauth
Supported values depend on the OIDC issuer you are using. For the public Sigstore instance (oauth2.sigstore.dev
):
Provider | Connector ID |
---|---|
GitHub | https://github.com/login/oauth |
https://accounts.google.com |
|
Microsoft | https://login.microsoftonline.com |
Experimental support for Git based attestations - store attestations about your code directly in your repository! (note: This is not yet included in the main gitsign
binary and is not available as a downloadable release artifact - please install from source).
git tag -f -s <tag name> <tag name>
Full Changelog: https://github.com/sigstore/gitsign/compare/v0.1.0...v0.1.1
⚠️ Note: Due to a bug, gitsign >= v0.1 is now required to work with the public sigstore instance starting 2022/06/01. See https://github.com/sigstore/gitsign/issues/49 for more details.
Another pre-release to test out the release pipeline
Full Changelog: https://github.com/sigstore/gitsign/compare/v0.0.1-alpha...v0.0.2-alpha
Pre-release of gitsign
to test out release automation
Full Changelog: https://github.com/sigstore/gitsign/compare/v0.0.0-test...v0.0.1-alpha
This is a test. Please ignore.