Cosign v0.2.0 Release Notes
-
๐ This is the second release of
cosign
!We still expect many flags, commands, and formats to change going forward, but we're getting closer. No backwards compatiblity is promised or implied.
โจ Enhancements
- The password for private keys can now be passed via the
COSIGN_PASSWORD
- KMS keys can now be used to sign and verify blobs
- ๐ The
version
command can now be used to return the release version - The
public-key
command can now be used to extract the public key from KMS or a private key - The
COSIGN_REPOSITORY
environment variable can be used to store signatures in an alternate location - Tons of new EXAMPLES in our help text
๐ Bug Fixes
- ๐ Improved error messages for command line flag verification
- โ TONS more unit and integration testing
- Too many others to count :)
Contributors
We would love to thank the contributors:
- Dan Lorenc
- Priya Wadhwa
- Ahmet Alp Balkan
- Naveen Srinivasan
- Chris Norman
- Jon Johnson
- Kim Lewandowski
- Luke Hinds
- Bob Callaway
- Dan POP
- eminks
- Mark Bestavros
- Jake Sanders
- The password for private keys can now be passed via the