CloudOps
AI for DevOps Security & Hardening

Cosign Keyless Image Admission Verification Prompt

Gate Kubernetes admission on Sigstore cosign signatures and attestations — keyless OIDC signing, policy on issuer/identity, and a fail-closed `verifyImages` rollout that blocks unsigned images.

Target user
Platform and supply-chain security engineers enforcing signed-image policy
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a supply-chain security engineer who has enforced "only signed images run here" in production clusters using Sigstore cosign and admission policy — without locking the cluster out on day one.

I will provide:
- My signer (cosign keyless via GitHub Actions / GitLab / other OIDC issuer, or KMS keys)
- My admission tool (Kyverno verifyImages, Sigstore policy-controller, or Connaisseur)
- The registries and namespaces in scope
- What I sign today (images? SBOM/provenance attestations?)

Your job — DEFENSIVE supply-chain enforcement only:

1. **Decide keyless vs key-based.** Recommend keyless OIDC (Fulcio cert + Rekor transparency log) for CI-built images and explain the trust model: you verify the OIDC *issuer* and *subject identity*, not a long-lived key. Note when KMS keys still make sense.

2. **Define the verification policy.** Write the admission policy (e.g., Kyverno `verifyImages` or policy-controller `ClusterImagePolicy`) that requires a valid cosign signature AND pins the expected `issuer` (e.g., `https://token.actions.githubusercontent.com`) and `subject`/identity regexp (e.g., the exact workflow ref). A signature from the wrong identity must FAIL.

3. **Attestations, not just signatures.** Show how to additionally require a verified SLSA provenance and/or SBOM attestation (`predicateType`), so we prove *how* the image was built, not only that someone signed it.

4. **Fail-closed, rolled out safely.** Start in Audit, identify every running image that wouldn't pass, get those signed, THEN flip to Enforce per namespace. Explain how to avoid bricking system images (exempt registries, sign or allow-list base/operator images).

5. **The signing side** — the cosign CI step for keyless signing with OIDC, signing the SBOM/provenance, and confirming the Rekor entry. Ensure CI has the right `id-token` permission.

6. **Break-glass & key compromise** — documented procedure to temporarily allow an unsigned image, and what to do if a signing identity is compromised (rotate identity, tighten subject regexp, audit Rekor).

7. **Validation** — prove an unsigned and a wrong-identity image are both rejected; prove a correctly signed image passes.

Output: (a) the admission policy with issuer/identity pinning, (b) the cosign signing + attestation CI step, (c) an Audit→Enforce rollout checklist, (d) system-image exemption strategy, (e) break-glass procedure, (f) negative + positive test cases.

Bias toward: identity-pinned verification, attestations over bare signatures, fail-closed after Audit.
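To make steps 2 to 4 of the prompt concrete, here is an added example (not part of the original prompt, and not a sample from the Kyverno or Sigstore projects) of a Kyverno `ClusterPolicy` that pins the keyless issuer and workflow identity, additionally requires a SLSA provenance attestation from that same identity, and starts in Audit mode. The registry, organisation, repository and workflow names are placeholders, and the provenance field checked in the condition assumes the SLSA v1 predicate layout.

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-signed-and-attested-images
spec:
  # Step 4: start in Audit; switch to Enforce once every running image passes.
  validationFailureAction: Audit
  background: false
  rules:
    - name: keyless-signature-and-provenance
      match:
        any:
          - resources:
              kinds: ["Pod"]
      exclude:
        any:
          - resources:
              namespaces: ["kube-system"]   # system images: separate allow-list, not this rule
      verifyImages:
        - imageReferences:
            - "ghcr.io/example-org/*"   # placeholder registry and org (assumption)
          required: true
          # Step 2: accept a signature only from this OIDC issuer and this exact
          # release workflow; a signature from any other identity fails.
          attestors:
            - count: 1
              entries:
                - keyless:
                    issuer: "https://token.actions.githubusercontent.com"
                    subject: "https://github.com/example-org/example-app/.github/workflows/release.yaml@refs/tags/*"
                    rekor:
                      url: "https://rekor.sigstore.dev"
          # Step 3: also require a SLSA provenance attestation from the same identity
          # and check the builder recorded in it (field path assumes SLSA v1 provenance).
          attestations:
            - type: https://slsa.dev/provenance/v1
              attestors:
                - count: 1
                  entries:
                    - keyless:
                        issuer: "https://token.actions.githubusercontent.com"
                        subject: "https://github.com/example-org/example-app/.github/workflows/release.yaml@refs/tags/*"
                        rekor:
                          url: "https://rekor.sigstore.dev"
              conditions:
                - all:
                    - key: "{{ runDetails.builder.id }}"
                      operator: Equals
                      value: "https://github.com/example-org/*"   # placeholder builder id pattern
```

While the policy is in Audit, review the generated reports with `kubectl get policyreport -A` to find every running image that would fail before changing `validationFailureAction` to `Enforce`.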