Is your feature request related to a problem? Please describe.
Docs remain vague on using --signing-key. These two sites (https://docs.zarf.dev/commands/zarf_package_create/ and https://docs.zarf.dev/commands/zarf_package_publish/) state:
--signing-key string Private key for signing packages. Accepts either a local file path or a Cosign-supported key provider
Cosign supports KMS keys, but they must be an asymmetric (vs symmetric) key (which was also never really found in the Cosign documentation explicitly). Could we clarify the need for asymmetric keys in the documentation somewhere?
Describe the behavior you'd like
- Given existing Zarf docs
- When looking at zarf package create --signing-key and zarf package publish --signing-key
- Then we clarify in the docs that if using a KMS key, it needs to be asymmetric
Describe alternatives you've considered
No change to documentation
Additional context
Would love to see a tutorial on the website specifically focusing on signing Zarf packages with a