CircleCI News · Dec 21, 2025 · 2 min read

Sign OCI containers & other artifacts using Sigstore Cosign & CircleCI OIDC tokens

Mitchell Amihod

Senior Staff Software Engineer

Sigstore’s Fulcio certificate authority now recognizes CircleCI’s OIDC tokens. This means you can sign container images and other artifacts directly from your CircleCI pipelines—without managing long-lived signing keys.

What is Sigstore?

Sigstore is an open source project that makes code signing accessible. It brings together three components:

  • Cosign: A CLI tool for signing and verifying container images and other artifacts
  • Fulcio: A certificate authority that issues short-lived signing certificates based on OIDC identity
  • Rekor: A transparency log that records all signing events for public auditability

Together, these tools enable “keyless” signing. Instead of generating and safeguarding a private key, you authenticate with an identity provider. Fulcio issues a short-lived certificate tied to that identity, you sign your artifact, and the signature is recorded in Rekor. The ephemeral key is discarded afterwards.

Why this matters

Traditional code signing requires managing cryptographic keys—generating them securely, storing them safely, rotating them periodically, and revoking them if they’re compromised. This overhead discourages adoption and creates risk when keys are mishandled.

Keyless signing eliminates this burden. Your CI pipeline’s identity becomes the signing credential. Anyone can later verify that an artifact was signed by a specific CircleCI job in a specific project.

With Fulcio now supporting CircleCI OIDC tokens, you can:

  • Sign container images as part of your build pipeline
  • Prove that artifacts came from your CI system, not a developer laptop
  • Avoid storing secrets for signing
  • Give downstream consumers a cryptographic guarantee of provenance

How it works

CircleCI jobs can request an OIDC token that attests to the job’s identity—which organization, project, and pipeline produced it. When you pass this token to Cosign, it forwards it to Fulcio, which validates the token and issues a signing certificate. Cosign uses that certificate to sign your artifact, uploads the signature to your container registry, and logs the event in Rekor.

The certificate is valid only for minutes. There’s no key to leak or rotate.
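The flow described in the two passages above (the keyless signing loop, and the CircleCI token that Fulcio binds into the certificate) only gives downstream consumers a provenance guarantee if the verifier pins the identity it expects: `cosign verify` with `--certificate-oidc-issuer` and `--certificate-identity-regexp`, rather than accepting any certificate Fulcio ever issued. The following is an added illustration written for this post; it is not code from CircleCI, the sample repository, or Sigstore. It builds a constructed, unsigned CircleCI-style OIDC token (placeholder org and project ids, signature not validated), decodes the claims that identify the job, and applies the same issuer/identity pinning a verifier should express on the command line. The claim layout (`iss` of the form `https://oidc.circleci.com/org/<org-id>`, `sub` of the form `org/<org-id>/project/<project-id>/user/<user-id>`) is assumed from CircleCI's OIDC documentation; the exact identity string Fulcio places in the certificate should be confirmed against a certificate issued to your own pipeline before the regex is relied upon.

```python
# Added illustration, not from the CircleCI post, the sample repo, or Sigstore.
# Shows what a verifier should pin when accepting keyless signatures from
# CircleCI jobs: the OIDC issuer and the job identity, not "any Fulcio cert".
import base64
import json
import re

# Constructed placeholder ids (assumption: real tokens carry UUIDs here).
ORG_ID = "11111111-2222-3333-4444-555555555555"
PROJECT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
USER_ID = "00000000-0000-0000-0000-000000000000"
ISSUER_PREFIX = "https://oidc.circleci.com/org/"


def b64url(data: bytes) -> str:
    """Base64url without padding, as used in JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_token(org_id: str, project_id: str) -> str:
    """Constructed, UNSIGNED CircleCI-style OIDC token for illustration only.

    Real tokens are RS256-signed and verified by Fulcio against the issuer's
    JWKS; the signature segment here is a placeholder and is never checked.
    """
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {
        "iss": f"{ISSUER_PREFIX}{org_id}",
        "sub": f"org/{org_id}/project/{project_id}/user/{USER_ID}",
        "aud": org_id,
    }
    return ".".join([
        b64url(json.dumps(header).encode()),
        b64url(json.dumps(payload).encode()),
        b64url(b"placeholder-signature"),
    ])


def decode_claims(token: str) -> dict:
    """Decode the JWT payload segment (no signature validation)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def identity_policy(claims: dict, expected_org: str, expected_project: str):
    """Mirror the pinning a verifier should apply; returns (ok, reason).

    Issuer is matched exactly; identity is matched with a full regex so a
    token from a different org or project in the same org is rejected.
    """
    expected_issuer = f"{ISSUER_PREFIX}{expected_org}"
    if claims.get("iss") != expected_issuer:
        return False, f"issuer {claims.get('iss')!r} != {expected_issuer!r}"
    pattern = (
        rf"org/{re.escape(expected_org)}/project/{re.escape(expected_project)}"
        r"/user/[0-9a-f-]+"
    )
    if not re.fullmatch(pattern, claims.get("sub", "")):
        return False, f"identity {claims.get('sub')!r} does not match {pattern!r}"
    return True, "issuer and identity pinned to expected org/project"


def cosign_verify_args(image: str, expected_org: str, expected_project: str):
    """The equivalent pinning expressed as real `cosign verify` flags.

    Assumption: the identity Fulcio embeds in the certificate follows the
    token's `sub` layout; confirm against a certificate from your own job.
    """
    identity_re = (
        rf"^org/{re.escape(expected_org)}/project/{re.escape(expected_project)}/"
    )
    return [
        "cosign", "verify",
        "--certificate-oidc-issuer", f"{ISSUER_PREFIX}{expected_org}",
        "--certificate-identity-regexp", identity_re,
        image,
    ]


if __name__ == "__main__":
    for org, proj in [(ORG_ID, PROJECT_ID), ("other-org", PROJECT_ID),
                      (ORG_ID, "other-project")]:
        ok, why = identity_policy(decode_claims(make_token(org, proj)),
                                  ORG_ID, PROJECT_ID)
        print("accept" if ok else "reject", "-", why)
    print(" ".join(cosign_verify_args("registry.example/app:1.0",
                                      ORG_ID, PROJECT_ID)))
```

The design point is the regex anchoring: the identity pattern is matched in full (and, on the command line, anchored with `^` at the org/project prefix), so a token minted by a job in another organization, or another project in the same organization, fails the policy even though Fulcio would have issued it a perfectly valid certificate.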

Getting started

We’ve put together a sample repository showing how to configure this in your CircleCI pipelines:

github.com/CircleCI-Public/sign-and-publish-examples

The repository explains the configuration step-by-step and provides working examples you can adapt.

Shout out!

Special thanks to Hayden Blauzvern, technical lead manager on Google’s Open Source Security Team, for his assistance and patience in helping to bring this integration together.

Join the conversation

If you have questions or want to share how you’re using artifact signing in your pipelines, connect with us on the CircleCI Discuss forum or join us on Discord.