Add signed server image to attestation conditions #7

Open
Tracked by #5
matweldon opened this issue Mar 26, 2024 · 4 comments

Comments

@matweldon
Collaborator

No description provided.

@matweldon matweldon mentioned this issue Mar 26, 2024
@daffidwilde
Contributor

Just a thought, but we could serve a Docker image ourselves (linked to a release of this repository) that users have access to. That way, we could hard-code the SHA digest of the image into the authorisation script, which helps ensure security. It would also eliminate the workload author role for users.

How we would host this remains to be seen of course.

@matweldon
Collaborator Author

matweldon commented Mar 27, 2024

> Just a thought, but we could serve a Docker image ourselves (linked to a release of this repository) that users have access to. That way, we could hard-code the SHA digest of the image into the authorisation script, which helps ensure security. It would also eliminate the workload author role for users.
>
> How we would host this remains to be seen of course.

Great idea. We can make repos public in Artifact Registry

@matweldon
Collaborator Author

Or use our organisational Dockerhub site

@daffidwilde
Contributor

daffidwilde commented Mar 27, 2024

We would want some sort of long-term assurance, so the Dockerhub is probably preferable. Can we run an image from there on GCP? Probably best to just chat this over next week 😸
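
The digest-pinning idea discussed in this thread, as an added example that is not part of the issue or the project's code: an authorisation check that accepts a workload only when the attested image digest equals a digest hard-coded at release time. The claim layout (`submods.container.image_digest`), the function names, the registry name and the digest value are assumptions made for illustration.

```python
import re

# Constructed placeholder; a real release would pin the digest reported by the registry.
PINNED_DIGEST = "sha256:" + "ab" * 32

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def digest_from_reference(image_ref: str) -> str:
    """Extract the digest from 'repo@sha256:<hex>'; refuse mutable tag-only references."""
    repo, sep, digest = image_ref.rpartition("@")
    if not sep or not repo or not DIGEST_RE.fullmatch(digest):
        raise ValueError(f"not pinned by digest: {image_ref!r}")
    return digest


def image_is_authorised(claims: dict, pinned: str = PINNED_DIGEST) -> bool:
    """Decide on attestation claims whose signature was already verified (assumed layout).

    Only the digest claim is trusted: the image reference may carry a tag that
    can be repointed at different content, so it plays no part in the decision.
    """
    try:
        digest = claims["submods"]["container"]["image_digest"]
    except (KeyError, TypeError):
        return False  # claim missing or wrong shape: fail closed
    if not isinstance(digest, str) or not DIGEST_RE.fullmatch(digest):
        return False  # malformed digest: fail closed
    return digest == pinned


# Constructed sample claims, not captured from a real attestation token.
RELEASED = {"submods": {"container": {
    "image_reference": "registry.example/org/server@" + PINNED_DIGEST,
    "image_digest": PINNED_DIGEST}}}
REBUILT = {"submods": {"container": {
    "image_reference": "registry.example/org/server:latest",
    "image_digest": "sha256:" + "cd" * 32}}}

if __name__ == "__main__":
    print(image_is_authorised(RELEASED))  # True
    print(image_is_authorised(REBUILT))   # False
```

Because the decision depends only on the digest, the same check holds whichever registry ends up hosting the image.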
