This repository has been archived by the owner on Mar 10, 2024. It is now read-only.
is it possible to use workload identity feature to use AWS services ? #11
Comments
|
ecrHelper is intended to use workload identity if it's available. If it doesn't, that's a bug, let me know. The public key pulled from KMS isn't used to auth to the registry, it's only used in |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Feature request
I saw that this project retrieved the public key from the AWS KMS system (IIUC)1. To do so, it used ecrHelper (IIUC handles authentication), so, what am I asking is that, instead of using this one, could we use the AWS workload identity feature to accomplish the same thing, thanks in advance.
Use case
Footnotes
https://github.com/chainguard-dev/cosign-ecs-verify/blob/6a2f1cab5273be3952b8194dff26070d7af26e9c/cosign-ecs-function/cosign.go?_pjax=%23js-repo-pjax-container%2C%20div%5Bitemtype%3D%22http%3A%2F%2Fschema.org%2FSoftwareSourceCode%22%5D%20main%2C%20%5Bdata-pjax-container%5D#L23 ↩
The text was updated successfully, but these errors were encountered: