You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Helm supports signing charts to allow verification of the origin and validity of a chart package. This is done through the use of provenance files.
Could signing be added to the chart release process so we can consume the signature to verify the release? We have a requirement to cache the charts locally for use, and our security team would like us to be able to verify all releases before deployment.
Helm supports signing charts to allow verification of the origin and validity of a chart package. This is done through the use of provenance files.
Could signing be added to the chart release process so we can consume the signature to verify the release? We have a requirement to cache the charts locally for use, and our security team would like us to be able to verify all releases before deployment.
Helm documentation: https://helm.sh/docs/topics/provenance/
The text was updated successfully, but these errors were encountered: