Sign and Verify Artifacts with GitHub identity provider and Red Hat Trusted Artifact Signer

In this learning exercise, we'll set up the ability to sign and verify commits with Red Hat Trusted Artifact Signer on OpenShift. For added convenience, we'll use GitHub as an OIDC provider, allowing you to incorporate a secure workflow using tools you're already familiar with. To facilitate the installation, we'll also use a script to install Red Hat SSO (Keycloak), which will later be federating the authentication to GitHub. By the end of this exercise, you'll be able to sign and verify the integrity and authenticity of software artifacts reliably across different environments within OpenShift, using GitHub as an identity provider.

Red Hat Trusted Artifact Signer