Commits on Sep 3, 2022

1. Clarify error when KMS provider fails to load …

   Before:
   
       $ KEY_REF=gcpkms://projects/test/locations/global/keyRings/test/cryptoKeys/mykey/cryptoKeyVersions/1
       $ cosign verify-blob --key $KEY_REF --signature /dev/null /dev/null
       Error: verifying blob [/dev/null]: loading public key: loading URL: unrecognized scheme: gcpkms://
       main.go:62: error during command execution: verifying blob [/dev/null]: loading public key: loading URL: unrecognized scheme: gcpkms://
   
   After:
   
       $ KEY_REF=gcpkms://projects/test/locations/global/keyRings/test/cryptoKeys/mykey/cryptoKeyVersions/1
       $ cosign verify-blob --key $KEY_REF --signature /dev/null /dev/null
       Error: verifying blob [/dev/null]: loading public key: new gcp kms client: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
       main.go:62: error during command execution: verifying blob [/dev/null]: loading public key: new gcp kms client: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
   
   Addresses sigstore#2094; I'm not sure if this fixes it, but it'll give us more
   information.
   
   Signed-off-by: Zachary Newman <z@znewman.net>

   

   znewman01 committed Sep 3, 2022
   Copy the full SHA

   cee72e1 View commit details

   Browse the repository at this point in the history