diff --git a/doc/cosign_attach_attestation.md b/doc/cosign_attach_attestation.md index 8498ed21370..2c53d1d508e 100644 --- a/doc/cosign_attach_attestation.md +++ b/doc/cosign_attach_attestation.md @@ -29,7 +29,11 @@ cosign attach attestation [flags] --attestation stringArray path to the attestation envelope -h, --help help for attestation --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_attach_sbom.md b/doc/cosign_attach_sbom.md index 07948123883..f4d5cd846c5 100644 --- a/doc/cosign_attach_sbom.md +++ b/doc/cosign_attach_sbom.md @@ -27,8 +27,12 @@ cosign attach sbom [flags] -h, --help help for sbom --input-format string type of sbom input format (json|xml|text) --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password --registry-referrers-mode registryReferrersMode mode for fetching references from the registry. allowed: legacy, oci-1-1 + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --sbom string path to the sbom, or {-} for stdin diff --git a/doc/cosign_attach_signature.md b/doc/cosign_attach_signature.md index 21e96f4f589..a0355876e0e 100644 --- a/doc/cosign_attach_signature.md +++ b/doc/cosign_attach_signature.md @@ -40,7 +40,11 @@ cosign attach signature [flags] -h, --help help for signature --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). --payload string path to the payload covered by the signature + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --rekor-response string path to the rekor bundle diff --git a/doc/cosign_attest.md b/doc/cosign_attest.md index 19e201291d6..d31fb8fd8a5 100644 --- a/doc/cosign_attest.md +++ b/doc/cosign_attest.md @@ -67,7 +67,11 @@ cosign attest [flags] --predicate string path to the predicate file. --record-creation-timestamp set the createdAt timestamp in the attestation artifact to the time it was created; by default, cosign sets this to the zero value -r, --recursive if a multi-arch image is specified, additionally sign each discrete image + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --rekor-entry-type string specifies the type to be used for a rekor entry upload. Options are intoto or dsse (default). (default "dsse") diff --git a/doc/cosign_clean.md b/doc/cosign_clean.md index bbefe406d2d..fba11ddce57 100644 --- a/doc/cosign_clean.md +++ b/doc/cosign_clean.md @@ -21,7 +21,11 @@ cosign clean [flags] -f, --force do not prompt for confirmation -h, --help help for clean --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --type CLEAN_TYPE a type of clean: (sbom is deprecated) (default all) diff --git a/doc/cosign_copy.md b/doc/cosign_copy.md index 5cce9b638d5..3ba371fa016 100644 --- a/doc/cosign_copy.md +++ b/doc/cosign_copy.md @@ -38,7 +38,11 @@ cosign copy [flags] --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). --only string custom string array to only copy specific items, this flag is comma delimited. ex: --only=sbom,sign,att --platform string only copy container image and its signatures for a specific platform image + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --sig-only [DEPRECATED] only copy the image signature diff --git a/doc/cosign_dockerfile_verify.md b/doc/cosign_dockerfile_verify.md index aea4d4aadde..0b64d614cd6 100644 --- a/doc/cosign_dockerfile_verify.md +++ b/doc/cosign_dockerfile_verify.md @@ -81,7 +81,11 @@ cosign dockerfile verify [flags] -o, --output string output format for the signing image information (json|text) (default "json") --payload string payload path or remote URL --private-infrastructure skip transparency log verification when verifying artifacts in a privately deployed infrastructure + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --rekor-url string address of rekor STL server (default "https://rekor.sigstore.dev") diff --git a/doc/cosign_download_attestation.md b/doc/cosign_download_attestation.md index c1e8a656d9d..30e768ed193 100644 --- a/doc/cosign_download_attestation.md +++ b/doc/cosign_download_attestation.md @@ -22,7 +22,11 @@ cosign download attestation [flags] --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). --platform string download attestation for a specific platform image --predicate-type string download attestation with matching predicateType + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_download_sbom.md b/doc/cosign_download_sbom.md index 77bbaa8c2cf..03b18f3e00a 100644 --- a/doc/cosign_download_sbom.md +++ b/doc/cosign_download_sbom.md @@ -27,7 +27,11 @@ cosign download sbom [flags] -h, --help help for sbom --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). --platform string download SBOM for a specific platform image + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_download_signature.md b/doc/cosign_download_signature.md index fc830089c4f..371a8699656 100644 --- a/doc/cosign_download_signature.md +++ b/doc/cosign_download_signature.md @@ -20,7 +20,11 @@ cosign download signature [flags] --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] -h, --help help for signature --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_generate.md b/doc/cosign_generate.md index 34b55f1daac..8996f56438a 100644 --- a/doc/cosign_generate.md +++ b/doc/cosign_generate.md @@ -36,7 +36,11 @@ cosign generate [flags] --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] -h, --help help for generate --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_load.md b/doc/cosign_load.md index 8051c461413..17412943270 100644 --- a/doc/cosign_load.md +++ b/doc/cosign_load.md @@ -25,7 +25,11 @@ cosign load [flags] --dir string path to directory where the signed image is stored on disk -h, --help help for load --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_manifest_verify.md b/doc/cosign_manifest_verify.md index dc1af148c48..4bd31816c1b 100644 --- a/doc/cosign_manifest_verify.md +++ b/doc/cosign_manifest_verify.md @@ -75,7 +75,11 @@ cosign manifest verify [flags] -o, --output string output format for the signing image information (json|text) (default "json") --payload string payload path or remote URL --private-infrastructure skip transparency log verification when verifying artifacts in a privately deployed infrastructure + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --rekor-url string address of rekor STL server (default "https://rekor.sigstore.dev") diff --git a/doc/cosign_save.md b/doc/cosign_save.md index 53cc93eb419..fa6cd9590b2 100644 --- a/doc/cosign_save.md +++ b/doc/cosign_save.md @@ -25,7 +25,11 @@ cosign save [flags] --dir string path to dir where the signed image should be stored on disk -h, --help help for save --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_sign.md b/doc/cosign_sign.md index 9e28e10fd25..07c3bb98fa3 100644 --- a/doc/cosign_sign.md +++ b/doc/cosign_sign.md @@ -99,8 +99,12 @@ cosign sign [flags] --payload string path to a payload file to use rather than generating one --record-creation-timestamp set the createdAt timestamp in the signature artifact to the time it was created; by default, cosign sets this to the zero value -r, --recursive if a multi-arch image is specified, additionally sign each discrete image + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password --registry-referrers-mode registryReferrersMode mode for fetching references from the registry. allowed: legacy, oci-1-1 + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --rekor-url string address of rekor STL server (default "https://rekor.sigstore.dev") diff --git a/doc/cosign_tree.md b/doc/cosign_tree.md index 6af48f1290b..53deab00abd 100644 --- a/doc/cosign_tree.md +++ b/doc/cosign_tree.md @@ -20,7 +20,11 @@ cosign tree [flags] --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] -h, --help help for tree --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_triangulate.md b/doc/cosign_triangulate.md index 07b41494843..875bc72c257 100644 --- a/doc/cosign_triangulate.md +++ b/doc/cosign_triangulate.md @@ -20,7 +20,11 @@ cosign triangulate [flags] --attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] -h, --help help for triangulate --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --type string related attachment to triangulate (attestation|sbom|signature|digest), default signature (sbom is deprecated) (default "signature") diff --git a/doc/cosign_upload_blob.md b/doc/cosign_upload_blob.md index 0688d525624..59c0c7a1b6b 100644 --- a/doc/cosign_upload_blob.md +++ b/doc/cosign_upload_blob.md @@ -41,7 +41,11 @@ cosign upload blob [flags] -f, --files strings :[platform/arch] -h, --help help for blob --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_upload_wasm.md b/doc/cosign_upload_wasm.md index da99e0a8f96..15bc70a7f4c 100644 --- a/doc/cosign_upload_wasm.md +++ b/doc/cosign_upload_wasm.md @@ -21,7 +21,11 @@ cosign upload wasm [flags] -f, --file string path to the wasm file to upload -h, --help help for wasm --k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity). + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username ``` diff --git a/doc/cosign_verify-attestation.md b/doc/cosign_verify-attestation.md index 9b747ab9ef0..d370f05cf52 100644 --- a/doc/cosign_verify-attestation.md +++ b/doc/cosign_verify-attestation.md @@ -85,7 +85,11 @@ cosign verify-attestation [flags] -o, --output string output format for the signing image information (json|text) (default "json") --policy strings specify CUE or Rego files with policies to be used for validation --private-infrastructure skip transparency log verification when verifying artifacts in a privately deployed infrastructure + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --rekor-url string address of rekor STL server (default "https://rekor.sigstore.dev") diff --git a/doc/cosign_verify.md b/doc/cosign_verify.md index 0852f21fc81..de9e10dd4c1 100644 --- a/doc/cosign_verify.md +++ b/doc/cosign_verify.md @@ -102,7 +102,11 @@ cosign verify [flags] -o, --output string output format for the signing image information (json|text) (default "json") --payload string payload path or remote URL --private-infrastructure skip transparency log verification when verifying artifacts in a privately deployed infrastructure + --registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry + --registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry + --registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry --registry-password string registry basic auth password + --registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry --registry-token string registry bearer auth token --registry-username string registry basic auth username --rekor-url string address of rekor STL server (default "https://rekor.sigstore.dev")