sigstore/helm-charts

Helm Charts

Helm Charts to support the Sigstore project.

Usage

Charts are available in two formats: from a chart repository and from an OCI registry.

Contribute

❤️ Planning to contribute? Please follow our contributing guidelines so that your contribution flows smoothly into this project.

Installing from the Chart Repository

The following command can be used to add the chart repository:

helm repo add sigstore https://sigstore.github.io/helm-charts
helm repo update

Once the chart has been added, install one of the available charts:

helm upgrade -i <release_name> sigstore/<chart_name>

Installing from an OCI Registry

Charts are also available in OCI format. The list of available charts can be found here.

Install one of the available charts:

helm upgrade -i <release_name> oci://ghcr.io/sigstore/helm-charts/<chart_name> --version=<version>

Provenance

Charts are signed using the provenance methods provided by the Helm project and are also uploaded to the Rekor transparency server using the Helm sigstore plugin.

Verification of the signed charts can be accomplished by importing the GPG Public Key that was used to sign the associated chart.

cat security/pubkey.gpg | gpg --import --batch

Once the public key has been imported, charts can be verified using the helm verify and/or helm sigstore verify commands.

NOTE: The public key that was used to sign a particular chart may not be identical to the public key on the main branch. Each chart release has an associated git tag. The public key that was used to sign the particular chart will be included in this tag.
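
The NOTE above means the key should be read from the release tag rather than from the working tree. The following is an added example, not part of this repository: a hypothetical `verify_chart` function that assumes a local checkout of this repository, a release tag name supplied by the caller, and a chart archive with its `.prov` file already downloaded side by side.

```shell
#!/bin/sh
# Added example (not project code): verify a chart against the public key
# committed at its release tag, using a throwaway keyring.
# usage: verify-chart.sh <helm-charts-checkout> <release-tag> <chart.tgz>
# exit:  2 = missing input file, 3 = key could not be prepared,
#        otherwise the exit status of `helm verify`.

verify_chart() (
    repo=$1; tag=$2; chart=$3

    # helm verify reads <chart>.prov from beside the archive.
    [ -f "$chart" ] || { echo "chart archive not found: $chart" >&2; exit 2; }
    [ -f "$chart.prov" ] || { echo "provenance file not found: $chart.prov" >&2; exit 2; }

    # Throwaway GnuPG home: only the key from the tag is trusted for this
    # check, and the user's own keyring is left untouched.
    GNUPGHOME=$(mktemp -d) || exit 3
    export GNUPGHOME
    trap 'rm -rf "$GNUPGHOME"' EXIT

    # Read the key as committed at the release tag, not from the working tree.
    git -C "$repo" show "$tag:security/pubkey.gpg" > "$GNUPGHOME/pubkey.gpg" || exit 3
    gpg --batch --import "$GNUPGHOME/pubkey.gpg" || exit 3

    # Helm reads the legacy binary keyring format, while GnuPG 2.1+ stores
    # keys in a keybox file, so export an explicit keyring for helm.
    gpg --batch --export > "$GNUPGHOME/keyring.gpg" || exit 3

    helm verify --keyring "$GNUPGHOME/keyring.gpg" "$chart"
)

# Run only when called with the three expected arguments.
if [ "$#" -eq 3 ]; then
    verify_chart "$@"
fi
```

A non-zero exit status means the chart must not be installed until the mismatch is explained.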

Charts