Inferensys

Glossary

Sigstore

An open-source project enabling automated, keyless signing and verification of software artifacts using short-lived certificates issued via OpenID Connect identities and recorded in a public transparency log.
Stylish WeWork-like workspace with hot desks and document wall, professional searching through enterprise knowledge base on a mounted ultrawide display, warm industrial pendants overhead.
KEYLESS CODE SIGNING

What is Sigstore?

An open-source project enabling automated, keyless signing and verification of software artifacts using short-lived certificates issued via OpenID Connect identities and recorded in a public transparency log.

Sigstore is an open-source standard for keyless signing and verification of software artifacts. It eliminates the operational burden of managing long-lived private keys by binding a digital signature to an ephemeral, short-lived certificate issued by the Fulcio certificate authority against a verified OpenID Connect (OIDC) identity. This process creates a cryptographically verifiable link between the artifact and the identity of the producer, such as a build pipeline or committer.

All signing events are recorded in Rekor, an append-only, immutable transparency log. This public ledger makes the issuance of certificates auditable and prevents retroactive forgery, providing non-repudiation. Verification requires checking the signature against the transparency log entry, ensuring the artifact was signed during the certificate's validity window and that the signing identity was correctly authenticated.

Keyless Signing Infrastructure

Key Features of Sigstore

Sigstore provides a free, automated, and open-source framework for cryptographically signing, verifying, and auditing software artifacts without managing long-lived private keys.

01

Keyless Signing via OIDC

Eliminates the burden of private key management by binding signatures to workload identities rather than static secrets. The signer authenticates using an existing OpenID Connect (OIDC) token from platforms like GitHub Actions, Google, or Microsoft. Fulcio, the certificate authority, validates this token and issues a short-lived, ephemeral code-signing certificate tied to that specific identity. This certificate is valid for only minutes, drastically reducing the window for key compromise and eliminating the need for manual key rotation or secure storage.

< 10 min
Certificate Validity
02

Transparency and Auditing with Rekor

Every signing event is recorded in Rekor, an immutable, append-only transparency log. This provides a public, cryptographically verifiable record of the signature's origin and existence. Key properties include:

  • Non-repudiation: A signer cannot later deny signing an artifact.
  • Auditability: Security teams can monitor the log to detect unauthorized signing events.
  • Tamper-proofing: The log uses a Merkle tree structure, making retroactive insertion or deletion computationally infeasible. This ensures that a signature verified against the log is globally auditable.
Immutable
Log Structure
04

Integration with Supply Chain Frameworks

Sigstore is a foundational component of broader software supply chain security frameworks. It directly supports:

  • SLSA (Supply Chain Levels for Software Artifacts): Generating non-forgeable provenance attestations to meet SLSA Level 2+ requirements.
  • in-toto: Signing in-toto link metadata to cryptographically verify each step in a CI/CD pipeline.
  • Binary Authorization: Enforcing deploy-time policies in Kubernetes by validating Sigstore signatures through an Admission Controller before allowing a container to run. This creates a verifiable chain of custody from developer identity to production deployment.
05

Software and Model Bill of Materials Signing

Beyond signing the final artifact, Sigstore is used to sign associated metadata documents to ensure their integrity:

  • SBOMs (Software Bill of Materials): A signed SBOM proves the list of dependencies hasn't been tampered with after generation.
  • MBOMs (Model Bill of Materials): Extends this trust to AI/ML by signing a manifest of training datasets, model architecture, and framework dependencies.
  • Attestations: Any verifiable fact about an artifact (e.g., a vulnerability scan result) can be cryptographically signed and stored as an attestation, creating a tamper-proof audit trail for compliance.
06

Decentralized Trust Model

Sigstore operates on a zero-trust principle where trust is derived from public verification, not a single centralized authority. The Fulcio CA only attests to the binding between an OIDC identity and a public key for a brief moment. The Rekor transparency log makes the issuance of this certificate globally visible and auditable. This keyless paradigm means:

  • No long-lived secrets to steal.
  • No centralized key server to compromise.
  • Trust is rooted in the signer's existing identity provider and the public, immutable log, enabling a federated and resilient trust architecture.
SIGSTORE

Frequently Asked Questions

Clear answers to the most common questions about keyless signing, transparency logs, and how Sigstore secures the software supply chain.

Sigstore is an open-source project that enables keyless signing and automated verification of software artifacts using short-lived certificates. It works by binding a digital signature to an OpenID Connect (OIDC) identity—such as a developer's email or a workload's service account—rather than a manually managed long-lived private key. When a developer signs an artifact, the Fulcio certificate authority issues an ephemeral code-signing certificate after verifying the OIDC token. The signing event is then recorded in Rekor, an append-only, cryptographically verifiable transparency log. This architecture eliminates the operational burden of key distribution, rotation, and secure storage, while the public transparency log ensures non-repudiation and makes the entire signing process auditable by any third party.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.