Generating Keys

To generate a key pair in Cosign, run cosign generate-key-pair. You'll be interactively prompted to provide a password.

$ cosign generate-key-pair
Enter password for private key:
Enter again:
Private key written to cosign.key
Public key written to

Alternatively, you can use the COSIGN_PASSWORD environment variable to provide one.
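
One way to supply COSIGN_PASSWORD from a script, shown as an added example that is not part of the Cosign documentation. The helper names gen_cosign_key and is_private, the password-file argument and the exit codes are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Cosign's own tooling. gen_cosign_key, is_private,
# the password-file argument and the exit codes are hypothetical.

# Succeeds only if the file grants nothing to group or other.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# usage: gen_cosign_key <password-file> <output-dir>
# Runs in a subshell so umask, cd and the password never leak to the caller.
gen_cosign_key() (
    pw_file=$1
    out_dir=$2

    [ -s "$pw_file" ] || { echo "password file missing or empty" >&2; exit 2; }
    is_private "$pw_file" || { echo "password file is group/other accessible" >&2; exit 3; }
    [ ! -e "$out_dir/cosign.key" ] || { echo "cosign.key already exists" >&2; exit 4; }

    pw=$(cat -- "$pw_file")      # read before cd so relative paths work
    cd -- "$out_dir" || exit 5
    umask 077                    # new key files get no group/other bits

    # The password reaches cosign through its environment only; it never
    # appears in argv or in the caller's exported environment.
    COSIGN_PASSWORD="$pw" cosign generate-key-pair || exit 6

    # Confirm a private key was written and is not readable by others.
    [ -s cosign.key ] && is_private cosign.key || exit 7
)
```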

Key generation and management

To generate keys using a KMS provider, you can use the cosign generate-key-pair command with the --kms flag.

$ cosign generate-key-pair --kms <some provider>://<some key>

Read more about this in our KMS Support page.

The public key can be retrieved with:

$ cosign public-key --key <some provider>://<some key>
-----END PUBLIC KEY-----
