What Is Artifact Signing?
Artifact signing attaches a cryptographic signature to a build output, so anyone can verify it has not been tampered with and came from you.
Once an artifact leaves your pipeline, it passes through registries and networks. Signing lets a consumer confirm two things before trusting it: that it is unchanged since you built it, and that you are the one who built it.
How signing works
The pipeline computes a digest of the artifact and signs it with a private key. Consumers verify the signature with the corresponding public key - if the artifact changed by even one byte, verification fails.
Keyless signing
Managing long-lived signing keys is risky. Keyless signing (for example via Sigstore/cosign) uses short-lived certificates tied to an OIDC identity, so there is no private key to leak - the same identity model as OIDC cloud auth.
A small example
In CI, cosign sign <image> signs your container image using the workflow's OIDC identity; no key is stored. A deploy gate runs cosign verify and refuses any image without a valid signature from your expected identity.
Signing vs provenance
Signing proves integrity and origin of the artifact itself. Provenance describes how it was built. They pair naturally: you sign the artifact and sign the provenance statement that accompanies it.
Verification is the point
Signing only helps if something checks the signature. Enforce verification at the boundary that matters - your deploy step or admission controller - so an unsigned or tampered artifact is rejected before it runs.
Key takeaways
- Signing lets consumers verify an artifact's integrity and origin.
- Keyless signing avoids long-lived keys by using short-lived OIDC identities.
- Signing is only useful if something enforces verification.