Inferensys

Glossary

Fulcio

A certificate authority within the Sigstore stack that issues short-lived code-signing certificates bound to an OpenID Connect identity, eliminating the need for long-lived private key management.
Data engineer managing feature store on laptop, feature definitions visible, casual data engineering session.
KEYLESS SIGNING AUTHORITY

What is Fulcio?

Fulcio is the certificate authority component of the Sigstore project that issues ephemeral, short-lived code-signing certificates bound to an OpenID Connect identity, eliminating the need for developers to manage long-lived private keys.

Fulcio acts as a root certificate authority that issues X.509 certificates valid for only 10 minutes. It authenticates a developer's workload identity via an OpenID Connect (OIDC) token from an identity provider, cryptographically binding the ephemeral signing key to that verified identity. This binding is recorded in the Rekor transparency log, creating an auditable chain of custody without requiring the signer to possess a pre-existing, manually managed private key.

The core mechanism solves the key management problem in software supply chain security. By issuing certificates with a short time-to-live, Fulcio renders key compromise irrelevant—the certificate expires before an attacker can realistically exploit it. This architecture enables keyless signing, where the act of signing is tied to a federated identity rather than a static secret, making it a foundational element of tamper-proof model registries and SLSA compliance.

KEYLESS SIGNING INFRASTRUCTURE

Core Properties of Fulcio

Fulcio is the certificate authority at the heart of Sigstore's keyless signing paradigm, issuing ephemeral code-signing certificates bound to OpenID Connect identities rather than long-lived private keys.

02

Ephemeral Certificate Lifespan

Every certificate issued by Fulcio is valid for only 10 minutes by default. This radically short validity window eliminates the operational burden of certificate revocation lists (CRLs) and key rotation. Once the certificate expires, it becomes cryptographically useless for future signing, rendering any compromise of the underlying key pair irrelevant after the window closes.

  • Default validity: 10 minutes
  • No CRL infrastructure required
  • Compromised keys become inert automatically
03

Transparency Log Integration

Fulcio does not operate in isolation. Every certificate it issues is immediately submitted to Rekor, Sigstore's transparency log. This creates an append-only, cryptographically verifiable record of the signing event. Verifiers can check the Rekor log to confirm that a certificate was valid at the time of signing, even if the certificate itself has since expired.

  • Certificates are recorded in Rekor upon issuance
  • Provides non-repudiation through public auditability
  • Enables offline verification against the log
04

gRPC API and Protocol

Fulcio exposes a gRPC API that clients use to request certificates. The client generates an ephemeral key pair locally, authenticates to an OIDC provider, and sends the resulting identity token to Fulcio along with a certificate signing request (CSR). Fulcio validates the token, constructs an X.509 certificate embedding the identity claims, and returns it signed by its root CA.

  • API defined via Protocol Buffers
  • Client never sends private key material
  • Compatible with Cosign and other Sigstore clients
05

Root Certificate Authority Trust Chain

Fulcio operates as an intermediate CA under a root of trust managed by the Sigstore community. The Fulcio root CA is distributed through the TUF (The Update Framework) root signing ceremony, ensuring that verifiers can cryptographically chain a signing certificate back to a trusted root without relying on traditional public CA hierarchies.

  • Root key material managed via TUF
  • Trust root distributed out-of-band
  • Eliminates dependency on commercial CAs
06

Custom Challenge Verification

To prevent replay attacks, Fulcio supports a proof of possession challenge. The client must prove it controls the private key corresponding to the CSR by signing a nonce or challenge provided by Fulcio. This ensures that an attacker cannot submit a stolen OIDC token with their own key pair and obtain a fraudulent certificate.

  • Prevents token replay attacks
  • Client demonstrates key ownership before issuance
  • Integrated into the standard signing workflow
FULCIO EXPLAINED

Frequently Asked Questions

Clear, technical answers to the most common questions about Fulcio, the certificate authority that enables keyless signing within the Sigstore ecosystem.

Fulcio is a root certificate authority (CA) within the Sigstore stack that issues short-lived code-signing certificates bound to an OpenID Connect (OIDC) identity. Unlike traditional CAs that manage long-lived private keys, Fulcio operates on a keyless signing paradigm. The workflow proceeds as follows: a client authenticates to an OIDC provider (such as Google, GitHub, or Microsoft) and receives an identity token. The client then generates an ephemeral key pair and sends a certificate signing request (CSR) to Fulcio, including the OIDC token. Fulcio validates the token, extracts the identity (e.g., an email address or workflow URI), and issues an X.509 certificate with a validity period typically measured in minutes—often as short as 10 minutes. This certificate is then used by Cosign to sign an artifact. Because the certificate expires so rapidly, the corresponding private key becomes useless almost immediately, eliminating the operational burden of key rotation and revocation. The issuance event is recorded in the Rekor transparency log, creating an auditable, immutable record.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.