Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

So You Want to Run Your Own Sigstore - Recommendations for a Secure Setup

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore recommendations for securely setting up and running a private Sigstore instance in this conference talk. Delve into the motivations behind operating private Sigstore services, including availability requirements, data residency, privacy concerns, and policy controls. Examine the differences in threat modeling between public and private instances, and understand the essential requirements for operating private instances, such as managing a root trust store and ensuring security properties for private certificate authorities and transparency logs. Learn about Sigstore components like Fulcio and Rekor, artifact signing keys, transparency logs, and timestamping. Discover the challenges of key management and how The Update Framework addresses them. Gain insights into deploying Sigstore and monitoring your private instance for optimal security and performance.

Syllabus

Intro
Sigstore Overview - Fulcio
Sigstore Overview - Rekor
Why a Private Sigstore?
Artifact Signing Keys
Private CAs
Private Fulcio
What's a Transparency Log?
Transparency Logs in Sigstore
Do I Need Transparency Logs?
You Must Monitor!
Timestamping in Sigstore
Problems with Key Management
The Update Framework
How to Deploy Sigstore

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of So You Want to Run Your Own Sigstore - Recommendations for a Secure Setup

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.