Cosign v0.2.0 Release Notes

  • ๐Ÿš€ This is the second release of cosign!

    We still expect many flags, commands, and formats to change going forward, but we're getting closer. No backwards compatiblity is promised or implied.

    โœจ Enhancements

    • The password for private keys can now be passed via the COSIGN_PASSWORD
    • KMS keys can now be used to sign and verify blobs
    • ๐Ÿš€ The version command can now be used to return the release version
    • The public-key command can now be used to extract the public key from KMS or a private key
    • The COSIGN_REPOSITORY environment variable can be used to store signatures in an alternate location
    • Tons of new EXAMPLES in our help text

    ๐Ÿ› Bug Fixes

    • ๐Ÿ‘Œ Improved error messages for command line flag verification
    • โœ… TONS more unit and integration testing
    • Too many others to count :)

    Contributors

    We would love to thank the contributors:

    • Dan Lorenc
    • Priya Wadhwa
    • Ahmet Alp Balkan
    • Naveen Srinivasan
    • Chris Norman
    • Jon Johnson
    • Kim Lewandowski
    • Luke Hinds
    • Bob Callaway
    • Dan POP
    • eminks
    • Mark Bestavros
    • Jake Sanders