Skip to content

Supply-Chain Evidence

Running CloudTaser is a trust shift. You are moving responsibility for secret handling FROM "the US cloud provider + their build pipelines + their signing root" TO "CloudTaser + OpenBao + your chosen EU substrate + CloudTaser's build pipelines." That shift is the product. This page gives you the cryptographic handle to audit the CloudTaser side of that shift, so you have evidence -- not assurance -- that the bits you run are the bits we shipped.

We do not ask you to trust us

Every release artefact (container image, Linux binary, Helm chart, SBOM) is Cosign-signed. The public key is published at a stable URL. Signatures are recorded in the Sigstore Rekor transparency log. You can verify independently; you can pin the trust root in air-gapped deployments; you can enforce signature checking at admission time so an unsigned image cannot land in your cluster.

What we sign

Artefact type Signing mechanism Distribution
Container images (operator, wrapper, eBPF agent, bridge, beacon, S3/DB proxy, init container) cosign sign with COSIGN_KEY (env-only, never on disk in CI) against both GAR (europe-west4-docker.pkg.dev/skipopsmain/cloudtaser/*) and GHCR (ghcr.io/cloudtaser/*) tags, recursive across multi-arch manifests Registry-attached signatures
Linux binaries (bridge, enroll, CLI, wrapper, etc.) cosign sign-blob produces <binary>.sig adjacent to the binary https://releases.cloudtaser.io/<component>/<version>/
Checksums file cosign sign-blob produces SHA256SUMS.sig Same release URL
SBOM syft dir:. -o spdx-json > sbom.spdx.json attached to each GitHub release GitHub release assets + release URL
Helm charts Chart lineage tracked through CI; release tags checksummed https://helm.cloudtaser.io

All signing steps hard-fail in CI if the signing key is missing. We do not ship unsigned artefacts.

Trust root -- the public key

The single public key that validates every CloudTaser signature:

  • URL: https://releases.cloudtaser.io/keys/release.pub
  • Format: PEM-encoded ECDSA P-256 (cosign.pub)

Pinning this key is the one decision you make for your trust root. If you're running air-gapped, bake the PEM into your Helm values; if you're online, Kyverno / cosign fetches it at admission or verification time.

Rotating the key is a versioned event

When we rotate the signing key (scheduled every 2 years unless a compromise forces earlier), the previous key remains valid for a documented overlap window. Rotation is announced via GitHub Security Advisory + release notes on releases.cloudtaser.io.

How to verify an image

Copy-paste ready:

# Fetch the public key once
curl -sSLf https://releases.cloudtaser.io/keys/release.pub -o release.pub

# Verify an operator image (GAR or GHCR -- pick whichever you pull from)
cosign verify \
  --key release.pub \
  europe-west4-docker.pkg.dev/skipopsmain/cloudtaser/cloudtaser-operator:v0.9.0

# Or via GHCR mirror
cosign verify \
  --key release.pub \
  ghcr.io/cloudtaser/cloudtaser-operator:v0.9.0

A successful verification prints the signing identity, the Rekor log entry UUID, and the verified manifest digest. Any other output means the image is unsigned, mis-signed, or the tag does not match a signed digest -- do not deploy.

Verifying all CloudTaser-managed images before a release

components=(
  cloudtaser-operator
  cloudtaser-wrapper
  cloudtaser-ebpf
  cloudtaser-beacon
  cloudtaser-s3-proxy
  cloudtaser-db-proxy
)
TAG=v0.9.0
for c in "${components[@]}"; do
  cosign verify --key release.pub "europe-west4-docker.pkg.dev/skipopsmain/cloudtaser/${c}:${TAG}" \
    && echo "OK: $c" \
    || { echo "FAIL: $c"; exit 1; }
done

Use this in your release-gate pipeline before promoting a CloudTaser version into a regulated environment.

How to verify a binary

Every Linux binary published to releases.cloudtaser.io ships a .sig file alongside it:

VERSION=v0.3.26
COMPONENT=bridge
curl -sSLfO "https://releases.cloudtaser.io/${COMPONENT}/${VERSION}/cloudtaser-${COMPONENT}-linux-amd64"
curl -sSLfO "https://releases.cloudtaser.io/${COMPONENT}/${VERSION}/cloudtaser-${COMPONENT}-linux-amd64.sig"

cosign verify-blob \
  --key release.pub \
  --signature "cloudtaser-${COMPONENT}-linux-amd64.sig" \
  "cloudtaser-${COMPONENT}-linux-amd64"

For the checksums file:

curl -sSLfO "https://releases.cloudtaser.io/${COMPONENT}/${VERSION}/SHA256SUMS"
curl -sSLfO "https://releases.cloudtaser.io/${COMPONENT}/${VERSION}/SHA256SUMS.sig"

cosign verify-blob \
  --key release.pub \
  --signature SHA256SUMS.sig \
  SHA256SUMS

sha256sum -c SHA256SUMS

That second step is the chain you want in an audit narrative: the checksums file is signed, and every binary in the directory is included in that checksums file.

How to fetch an SBOM

Each release ships an SPDX-format SBOM generated with syft:

curl -sSLfO "https://releases.cloudtaser.io/${COMPONENT}/${VERSION}/sbom.spdx.json"

# Quick inventory
jq '.packages | map({name, versionInfo}) | .[]' sbom.spdx.json | head -40

# Or feed into Grype / Trivy for vulnerability scanning
grype sbom:sbom.spdx.json
trivy sbom sbom.spdx.json

SBOMs are also attached to every GitHub release on the respective component repository under cloudtaser/<component>.

Admission-policy enforcement

You can enforce signature verification at admission time in your cluster, so that an unsigned image (or an image tag swap, or a rollback to a non-signed digest) is rejected before the pod schedules. The CloudTaser Helm chart ships this as an opt-in:

# values.yaml
admission:
  enforceSignature: true
  mode: kyverno          # or "vap", or "both"
  signature:
    publicKey: ""        # inline PEM for air-gapped; default is publicKeyURL
    publicKeyURL: "https://releases.cloudtaser.io/keys/release.pub"
    rekorURL: "https://rekor.sigstore.dev"
    ignoreTlog: false
    additionalImageReferences: []
      # - "europe-west4-docker.pkg.dev/customer-project/*"

See Helm Values Reference for the full admission options. The default is enforceSignature: false during Preview; once the trust root is broadly published, the default flips in a subsequent minor. If you want strict behaviour today, set it to true now and add your own signed images under additionalImageReferences to extend the same trust root to your internal registry.

Engine selection:

  • kyverno (recommended) uses Kyverno's native verifyImages rule; requires Kyverno ≥ 1.11 installed in the cluster.
  • vap renders a Kubernetes 1.30+ ValidatingAdmissionPolicy that enforces digest-pinned images (@sha256:...) without requiring an external controller. It cannot verify signatures by itself (VAP has no egress) but it closes the tag-swap / latest-rollback gap.
  • both renders both, for defence-in-depth or during a Kyverno install/uninstall migration.

Metrics you can scrape: cloudtaser_admission_signature_enforced (gauge) and cloudtaser_admission_signature_rejections_total (counter).

What's on the roadmap

  • Reproducible builds: verify that a given Git SHA produces a byte-identical image locally and in CI. Currently partial (Go binaries are reproducible with -trimpath -buildvcs=false -ldflags="-buildid="; container layer ordering is not fully pinned). Tracker: cloudtaser-pipeline# (filed in the same PR as this page -- see release notes).
  • Third-party penetration test: targeted Q2 2026; results publishable in a redacted executive summary. See Preview Status & Roadmap.
  • SLSA level 3 aspiration: signed provenance attestation attached to every image (beyond the basic Cosign signature). Depends on build-environment isolation work currently underway in the pipeline repo.
  • Rekor-only verification flows for customers who cannot tolerate fetching release.pub at admission time: we document the Rekor UUIDs per release so you can verify against the transparency log without holding a local copy of the public key.

Acknowledging the trust shift

Using CloudTaser IS a trust shift. You go from:

  • Before: trusting the US cloud provider + their key-management service + their Vault Enterprise build pipeline + their signing root.
  • After: trusting CloudTaser's codebase + your chosen EU substrate (OpenBao + provider) + CloudTaser's build pipeline + CloudTaser's signing root.

The shift is the value proposition -- we are moving secret material out of the compelled surface into a jurisdictionally and architecturally distinct surface. But it is not an elimination of trust; it is a relocation of it. This page exists to give you the cryptographic handle to audit the CloudTaser side of that shift -- independently, continuously, and with primitives (Cosign, SPDX SBOMs, Rekor transparency) that are open-source and industry-standard.

If you need evidence beyond what's documented here -- a pentest report, a SOC 2 letter, a penetration-test attestation, a specific build-provenance format -- reach out. Those items are on the roadmap; several are available under NDA today.