Sigstore is an open-source standard for keyless signing and verification of software artifacts. It eliminates the operational burden of managing long-lived private keys by binding a digital signature to an ephemeral, short-lived certificate issued by the Fulcio certificate authority against a verified OpenID Connect (OIDC) identity. This process creates a cryptographically verifiable link between the artifact and the identity of the producer, such as a build pipeline or committer.
Glossary
Sigstore

What is Sigstore?
An open-source project enabling automated, keyless signing and verification of software artifacts using short-lived certificates issued via OpenID Connect identities and recorded in a public transparency log.
All signing events are recorded in Rekor, an append-only, immutable transparency log. This public ledger makes the issuance of certificates auditable and prevents retroactive forgery, providing non-repudiation. Verification requires checking the signature against the transparency log entry, ensuring the artifact was signed during the certificate's validity window and that the signing identity was correctly authenticated.
Key Features of Sigstore
Sigstore provides a free, automated, and open-source framework for cryptographically signing, verifying, and auditing software artifacts without managing long-lived private keys.
Keyless Signing via OIDC
Eliminates the burden of private key management by binding signatures to workload identities rather than static secrets. The signer authenticates using an existing OpenID Connect (OIDC) token from platforms like GitHub Actions, Google, or Microsoft. Fulcio, the certificate authority, validates this token and issues a short-lived, ephemeral code-signing certificate tied to that specific identity. This certificate is valid for only minutes, drastically reducing the window for key compromise and eliminating the need for manual key rotation or secure storage.
Transparency and Auditing with Rekor
Every signing event is recorded in Rekor, an immutable, append-only transparency log. This provides a public, cryptographically verifiable record of the signature's origin and existence. Key properties include:
- Non-repudiation: A signer cannot later deny signing an artifact.
- Auditability: Security teams can monitor the log to detect unauthorized signing events.
- Tamper-proofing: The log uses a Merkle tree structure, making retroactive insertion or deletion computationally infeasible. This ensures that a signature verified against the log is globally auditable.
Integration with Supply Chain Frameworks
Sigstore is a foundational component of broader software supply chain security frameworks. It directly supports:
- SLSA (Supply Chain Levels for Software Artifacts): Generating non-forgeable provenance attestations to meet SLSA Level 2+ requirements.
- in-toto: Signing in-toto link metadata to cryptographically verify each step in a CI/CD pipeline.
- Binary Authorization: Enforcing deploy-time policies in Kubernetes by validating Sigstore signatures through an Admission Controller before allowing a container to run. This creates a verifiable chain of custody from developer identity to production deployment.
Software and Model Bill of Materials Signing
Beyond signing the final artifact, Sigstore is used to sign associated metadata documents to ensure their integrity:
- SBOMs (Software Bill of Materials): A signed SBOM proves the list of dependencies hasn't been tampered with after generation.
- MBOMs (Model Bill of Materials): Extends this trust to AI/ML by signing a manifest of training datasets, model architecture, and framework dependencies.
- Attestations: Any verifiable fact about an artifact (e.g., a vulnerability scan result) can be cryptographically signed and stored as an attestation, creating a tamper-proof audit trail for compliance.
Decentralized Trust Model
Sigstore operates on a zero-trust principle where trust is derived from public verification, not a single centralized authority. The Fulcio CA only attests to the binding between an OIDC identity and a public key for a brief moment. The Rekor transparency log makes the issuance of this certificate globally visible and auditable. This keyless paradigm means:
- No long-lived secrets to steal.
- No centralized key server to compromise.
- Trust is rooted in the signer's existing identity provider and the public, immutable log, enabling a federated and resilient trust architecture.
Frequently Asked Questions
Clear answers to the most common questions about keyless signing, transparency logs, and how Sigstore secures the software supply chain.
Sigstore is an open-source project that enables keyless signing and automated verification of software artifacts using short-lived certificates. It works by binding a digital signature to an OpenID Connect (OIDC) identity—such as a developer's email or a workload's service account—rather than a manually managed long-lived private key. When a developer signs an artifact, the Fulcio certificate authority issues an ephemeral code-signing certificate after verifying the OIDC token. The signing event is then recorded in Rekor, an append-only, cryptographically verifiable transparency log. This architecture eliminates the operational burden of key distribution, rotation, and secure storage, while the public transparency log ensures non-repudiation and makes the entire signing process auditable by any third party.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Core components and complementary technologies that form the Sigstore keyless signing and verification ecosystem for tamper-proof software supply chains.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us