Goal Summary:
Ability to configure Image Signature Verification Integration with Declarative Configuration
Goals and expected user outcomes:
Customers would like to use declarative configuration when setting up Image Signature Verification. Image signature verification is supported via Sigstore integration, as described at https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html/operating/verify-image-signatures
ACS supports several integration methods using keys and certificates; in addition, if tlog is enabled, the tlog bundle needs to be included.
Acceptance Criteria:
Sigstore works and image signatures are validated before images are deployed on the cluster.
Success Criteria or KPIs measured:
A list of specific, measurable criteria that will be used to determine if the feature is successful. Include key performance indicators (KPIs) or other metrics. Initial completion during Refinement status.
<enter success criteria and/or KPIs here>
Use Cases (Optional):
Include use case diagrams, main success scenarios, alternative flow scenarios together with user type/persona. Initial completion during Refinement status.
Support for all Sigstore integrations:
- Keys
- Certificates
- Fulcio
- Tlog (with Bundle upload for private registries)
Considerations:
Current declarative auth config is via ConfigMaps/Secrets. We may continue the same way for this feature. CR support for this integration may be a stretch goal, not in scope.