subcommand to manage a keyless policy.
policy is used to manage a root.json policy for keyless signing delegation. This is used to establish a policy for a registry namespace, a signing threshold and a list of maintainers who can sign over the body section.
cosign policy [flags]
-h, --help help for policy
--output-file string log output to a file
-t, --timeout duration timeout for commands (default 3m0s)
-d, --verbose log debug output
-y, --yes skip confirmation prompts for non-destructive operations
- cosign - A tool for Container Signing, Verification and Storage in an OCI registry.
- cosign policy init - generate a new keyless policy.
- cosign policy sign - sign a keyless policy.