-
Notifications
You must be signed in to change notification settings - Fork 545
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extracting CLI signing functionality to be more configurable as a library function #657
Comments
7 tasks
It also pulls in a LOT of dependencies 😅 |
I think the next level of stuff is going to be pushing some of the signing (and verification) stuff into different packages, which compose nicely with the |
Stale/outdated issue, closing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
While using cosign as a library, I found that the
cli.SignCmd
does all the logic that I would require for signing myself, however, it is designed for CLI usage with particular assumptions. One such assumption is that it uses the default keychain. I would like to be able to change the keychain used without having to duplicate the whole function in my own codebase with that one line change and having to maintain it whenever the function changes in the upstream.I was wondering if there was a design decision made regarding this current implementation or would it be valid to extract this logic out of the CLI portion to be more generic and/or configurable as a library function?
The text was updated successfully, but these errors were encountered: