Document Keyless Signing
Proposal
- Add documentation to https://docs.gitlab.com/ee/ci/yaml/index.html#id_tokens to specifically call out the role of the `SIGSTORE_ID_TOKEN` token and link to the new Signing examples page in requirement 3.
- Edit the sample yaml file at https://docs.gitlab.com/ee/ci/yaml/gitlab_ci_yaml.html to include signing in the example and possibly link to the new Signing examples page in requirement 3 (linking may or may not make sense here).
- Add a new page called Signing examples (see mock below)
  - Provide an overview of benefits/advantages to keyless signing (no need to maintain a KMS, rotate keys, securely authenticate to the KMS, etc).
  - Provide specific step-by-step instructions to add signing to an existing project
  - Call out recommended best practices (doing build and signing in the same job)
  - Call out our existing limitations
    - Only supported for SaaS
    - Only supported for projects where the build config is in the same project.
    - Any other limitations
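As an added illustration of the pattern the proposal wants documented (build and keyless signing in the same job, with the OIDC token requested through `id_tokens`), the following `.gitlab-ci.yml` job is example code written for this issue, not content from the GitLab docs or from any linked merge request. The job name, the `docker:24` image, the `apk add cosign` install step and the `$IMAGE` variable layout are assumptions; `id_tokens` with `aud: sigstore` and the `SIGSTORE_ID_TOKEN` variable are the real GitLab CI keyword and the variable name cosign reads for keyless signing.

```yaml
# Added example: build an image and sign it by digest in the same job,
# using the job's own OIDC identity instead of a long-lived signing key.
build_and_sign:
  image: docker:24            # assumption: Alpine-based image so apk is available
  services:
    - docker:24-dind
  id_tokens:
    # GitLab mints a short-lived OIDC token for this job and exposes it as
    # SIGSTORE_ID_TOKEN; cosign picks up that variable name automatically.
    SIGSTORE_ID_TOKEN:
      aud: sigstore
  variables:
    IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA   # constructed tag layout
  before_script:
    - apk add --no-cache cosign                 # assumption: cosign from the Alpine repos
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - docker build -t "$IMAGE" .
    - docker push "$IMAGE"
    # Sign the pushed digest, not the mutable tag, so the signature is bound to
    # exactly the bytes this job produced.
    - IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' "$IMAGE")
    - cosign sign --yes "$IMAGE_DIGEST"
```

Keeping build and sign in one job is what makes the signature meaningful: the identity embedded in the certificate (project path, ref, pipeline) then attests to the job that actually built the image, and there is no window in which a different job could substitute another artifact under the same tag. Verifiers can later check that certificate identity with `cosign verify` against the expected project and ref rather than trusting a distributed public key.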
Designs
Implementation
- Documentation for container signing - !122796 (merged)
- Documentation for artifact signing - !125935 (merged)
- Documentation for npm provenance - !124362 (merged)
Edited by Alishan Ladhani