Page
Additional resources
- Install Red Hat Trusted Artifact Signer using Google identity provider and Cosign
- You can refer to the Red Hat Trusted Artifact Signer documentation for more details.
Sign and Verify Artifacts with GitHub identity provider and Red Hat Trusted Artifact Signer
In this learning exercise, we'll set up the ability to sign and verify commits with Red Hat Trusted Artifact Signer on OpenShift. For added convenience, we'll use GitHub as an OIDC provider, allowing you to incorporate a secure workflow using tools you're already familiar with. To facilitate the installation, we'll also use a script to install Red Hat SSO (Keycloak), which will later be federating the authentication to GitHub. By the end of this exercise, you'll be able to sign and verify the integrity and authenticity of software artifacts reliably across different environments within OpenShift, using GitHub as an identity provider.
Previous resource
Prerequisites and step-by-step guide
