Fulcio acts as a root certificate authority that issues X.509 certificates valid for only 10 minutes. It authenticates a developer's workload identity via an OpenID Connect (OIDC) token from an identity provider, cryptographically binding the ephemeral signing key to that verified identity. This binding is recorded in the Rekor transparency log, creating an auditable chain of custody without requiring the signer to possess a pre-existing, manually managed private key.
Glossary
Fulcio

What is Fulcio?
Fulcio is the certificate authority component of the Sigstore project that issues ephemeral, short-lived code-signing certificates bound to an OpenID Connect identity, eliminating the need for developers to manage long-lived private keys.
The core mechanism solves the key management problem in software supply chain security. By issuing certificates with a short time-to-live, Fulcio renders key compromise irrelevant—the certificate expires before an attacker can realistically exploit it. This architecture enables keyless signing, where the act of signing is tied to a federated identity rather than a static secret, making it a foundational element of tamper-proof model registries and SLSA compliance.
Core Properties of Fulcio
Fulcio is the certificate authority at the heart of Sigstore's keyless signing paradigm, issuing ephemeral code-signing certificates bound to OpenID Connect identities rather than long-lived private keys.
Ephemeral Certificate Lifespan
Every certificate issued by Fulcio is valid for only 10 minutes by default. This radically short validity window eliminates the operational burden of certificate revocation lists (CRLs) and key rotation. Once the certificate expires, it becomes cryptographically useless for future signing, rendering any compromise of the underlying key pair irrelevant after the window closes.
- Default validity: 10 minutes
- No CRL infrastructure required
- Compromised keys become inert automatically
Transparency Log Integration
Fulcio does not operate in isolation. Every certificate it issues is immediately submitted to Rekor, Sigstore's transparency log. This creates an append-only, cryptographically verifiable record of the signing event. Verifiers can check the Rekor log to confirm that a certificate was valid at the time of signing, even if the certificate itself has since expired.
- Certificates are recorded in Rekor upon issuance
- Provides non-repudiation through public auditability
- Enables offline verification against the log
gRPC API and Protocol
Fulcio exposes a gRPC API that clients use to request certificates. The client generates an ephemeral key pair locally, authenticates to an OIDC provider, and sends the resulting identity token to Fulcio along with a certificate signing request (CSR). Fulcio validates the token, constructs an X.509 certificate embedding the identity claims, and returns it signed by its root CA.
- API defined via Protocol Buffers
- Client never sends private key material
- Compatible with Cosign and other Sigstore clients
Root Certificate Authority Trust Chain
Fulcio operates as an intermediate CA under a root of trust managed by the Sigstore community. The Fulcio root CA is distributed through the TUF (The Update Framework) root signing ceremony, ensuring that verifiers can cryptographically chain a signing certificate back to a trusted root without relying on traditional public CA hierarchies.
- Root key material managed via TUF
- Trust root distributed out-of-band
- Eliminates dependency on commercial CAs
Custom Challenge Verification
To prevent replay attacks, Fulcio supports a proof of possession challenge. The client must prove it controls the private key corresponding to the CSR by signing a nonce or challenge provided by Fulcio. This ensures that an attacker cannot submit a stolen OIDC token with their own key pair and obtain a fraudulent certificate.
- Prevents token replay attacks
- Client demonstrates key ownership before issuance
- Integrated into the standard signing workflow
Frequently Asked Questions
Clear, technical answers to the most common questions about Fulcio, the certificate authority that enables keyless signing within the Sigstore ecosystem.
Fulcio is a root certificate authority (CA) within the Sigstore stack that issues short-lived code-signing certificates bound to an OpenID Connect (OIDC) identity. Unlike traditional CAs that manage long-lived private keys, Fulcio operates on a keyless signing paradigm. The workflow proceeds as follows: a client authenticates to an OIDC provider (such as Google, GitHub, or Microsoft) and receives an identity token. The client then generates an ephemeral key pair and sends a certificate signing request (CSR) to Fulcio, including the OIDC token. Fulcio validates the token, extracts the identity (e.g., an email address or workflow URI), and issues an X.509 certificate with a validity period typically measured in minutes—often as short as 10 minutes. This certificate is then used by Cosign to sign an artifact. Because the certificate expires so rapidly, the corresponding private key becomes useless almost immediately, eliminating the operational burden of key rotation and revocation. The issuance event is recorded in the Rekor transparency log, creating an auditable, immutable record.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Fulcio operates as the certificate authority within a broader trust framework. These related components complete the keyless signing lifecycle.
OpenID Connect Identity
The foundational identity layer that Fulcio relies on. Rather than issuing certificates to static keys, Fulcio binds each certificate to a verified OIDC token. This cryptographically ties the signing event to a specific workload identity or developer email, enabling policy decisions based on who signed the code rather than which key was used.
Workload Identity (SPIFFE)
In automated CI/CD pipelines, Fulcio integrates with SPIFFE-based workload identities. A Kubernetes pod or GitHub Actions runner presents a SPIFFE Verifiable Identity Document (SVID) as its OIDC token. Fulcio issues a certificate bound to that machine identity, enabling fully automated, keyless signing without any human-in-the-loop secret management.
Certificate Transparency
Fulcio's design inherits principles from RFC 6962 Certificate Transparency. Every certificate it issues is logged in Rekor, creating a publicly auditable Merkle tree. This means a compromise of the Fulcio CA itself would be immediately detectable, as any maliciously issued certificate would appear in the transparency log and trigger monitoring alerts.
Binary Authorization
The policy enforcement point that consumes Fulcio's certificates. Platforms like Kubernetes Binary Authorization or Sigstore's own policy controller validate that an artifact was signed by a Fulcio-issued certificate with a specific OIDC identity. This closes the loop: Fulcio issues the identity-bound cert, and the admission controller enforces that only authorized identities can deploy.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us