unsupported pem type: ENCRYPTED SIGSTORE PRIVATE KEY

[soubinan]

Description
Hello,
It is my first use of consign, I tried to check if any mention of this issue was reported but nothing found. And the error message is not really helping to understand what could be the cause.

the error says:
getting signer: reading key: unsupported pem type: ENCRYPTED SIGSTORE PRIVATE KEY

No idea about the potential reason of this issue. I regenerated the keypair at least three times.
I also tried without a key password since the meesage seems about the key decryption part, but the issue remains

Version

3.2.0

My current workflow

https://github.com/soubinan/xoa-container/blob/main/.github/workflows/build.yml

name: Container Image Build and Sign

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  release:
    types: [published]

env:
  IMAGE_NAME: soubinan/xoa-container
  TEST_TAG: soubinan/xoa-container:test
  PROJECT_URL: https://github.com/soubinan/xoa-container
  AUTHOR: https://github.com/soubinan

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Get xo-server version
        id: xo-server
        run: |
          echo "XO_SERVER="$(curl -s https://raw.githubusercontent.com/vatesfr/xen-orchestra/master/packages/xo-server/package.json | jq -r ".version") >> $GITHUB_ENV
      - name: Get xo-web version
        id: xo-web
        run: |
          echo "XO_WEB="$(curl -s https://raw.githubusercontent.com/vatesfr/xen-orchestra/master/packages/xo-web/package.json | jq -r ".version") >> $GITHUB_ENV
      - name: Checkout
        uses: actions/checkout@v4.1.1
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5.2.0
        with:
          images: |
            ghcr.io/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=raw,latest
          labels: |
            org.opencontainers.image.source=${{ env.PROJECT_URL }}
            org.opencontainers.image.url=${{ env.PROJECT_URL }}
            org.opencontainers.image.title=XOA-Container
            org.opencontainers.image.documentation=${{ env.PROJECT_URL }}
            org.opencontainers.image.authors=${{ env.AUTHOR }}
            org.opencontainers.image.licenses=CC-BY-NC
      - name: Install cosign
        if: github.event_name == 'release'
        uses: sigstore/cosign-installer@v3.2.0
        with:
          cosign-release: main
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.0.0
      - name: Login to Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHP }}
        if: github.event_name == 'release'
      - name: Build and push
        id: build-and-push
        uses: docker/build-push-action@v5.1.0
        with:
          context: "."
          file: "./Containerfile"
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
            XOWEB=$XO_WEB
            XOSERVER=$XO_SERVER
          push: ${{ github.event_name == 'release' }}
      - name: Sign the published container images
        if: github.event_name == 'release'
        run: |
          cosign sign --yes --key env://COSIGN_PRIVATE_KEY "${TAGS}@${DIGEST}"
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}