diff --git a/config/config.yaml b/config/config.yaml
deleted file mode 100644
index 189503bd9..000000000
--- a/config/config.yaml
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright 2024 The Sigstore Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-oidc-issuers:
- https://accounts.google.com:
- issuer-url: https://accounts.google.com
- client-id: sigstore
- type: email
- https://agent.buildkite.com:
- issuer-url: https://agent.buildkite.com
- client-id: sigstore
- type: buildkite-job
- https://allow.pub:
- issuer-url: https://allow.pub
- client-id: sigstore
- type: spiffe
- spiffe-trust-domain: allow.pub
- https://auth-staging.eclipse.org/realms/sigstore:
- issuer-url: https://auth-staging.eclipse.org/realms/sigstore
- client-id: sigstore
- type: email
- https://auth.eclipse.org/auth/realms/sigstore:
- issuer-url: https://auth.eclipse.org/auth/realms/sigstore
- client-id: sigstore
- type: email
- https://dev.gitlab.org:
- issuer-url: https://dev.gitlab.org
- client-id: sigstore
- type: gitlab-pipeline
- https://gitlab.archlinux.org:
- issuer-url: https://gitlab.archlinux.org
- client-id: sigstore
- type: gitlab-pipeline
- https://gitlab.com:
- issuer-url: https://gitlab.com
- client-id: sigstore
- type: gitlab-pipeline
- https://issuer.enforce.dev:
- issuer-url: https://issuer.enforce.dev
- client-id: sigstore
- type: chainguard-identity
- https://oauth2.sigstore.dev/auth:
- issuer-url: https://oauth2.sigstore.dev/auth
- client-id: sigstore
- type: email
- issuer-claim: $.federated_claims.connector_id
- https://oidc.codefresh.io:
- issuer-url: https://oidc.codefresh.io
- client-id: sigstore
- type: codefresh-workflow
- https://ops.gitlab.net:
- issuer-url: https://ops.gitlab.net
- client-id: sigstore
- type: gitlab-pipeline
- https://token.actions.githubusercontent.com:
- issuer-url: https://token.actions.githubusercontent.com
- client-id: sigstore
- type: github-workflow
-meta-issuers:
- https://*.oic.prod-aks.azure.com/*:
- client-id: sigstore
- type: kubernetes
- https://container.googleapis.com/v1/projects/*/locations/*/clusters/*:
- client-id: sigstore
- type: kubernetes
- https://oidc.eks.*.amazonaws.com/id/*:
- client-id: sigstore
- type: kubernetes
- https://oidc.prod-aks.azure.com/*:
- client-id: sigstore
- type: kubernetes
- https://token.actions.githubusercontent.com/*:
- client-id: sigstore
- type: github-workflow
\ No newline at end of file
diff --git a/config/fulcio-config.yaml b/config/fulcio-config.yaml
deleted file mode 100644
index ad3056695..000000000
--- a/config/fulcio-config.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-#
-# Copyright 2021 The Sigstore Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-data:
- config.yaml: |-
- oidc-issuers:
- https://accounts.google.com:
- issuer-url: https://accounts.google.com
- client-id: sigstore
- type: email
- contact: tac@sigstore.dev
- description: "Google OIDC auth"
- https://agent.buildkite.com:
- issuer-url: https://agent.buildkite.com
- client-id: sigstore
- type: buildkite-job
- contact: support@buildkite.com
- description: "Buildkite Agent OIDC tokens for job identity"
- https://allow.pub:
- issuer-url: https://allow.pub
- client-id: sigstore
- type: spiffe
- spiffe-trust-domain: allow.pub
- contact: evan@phx.io
- description: "Server side signing support for the OCI registry vcr.pub"
- https://auth-staging.eclipse.org/realms/sigstore:
- issuer-url: https://auth-staging.eclipse.org/realms/sigstore
- client-id: sigstore
- type: email
- contact: security@eclipse-foundation.org
- description: "Eclipse Foundation Staging OIDC provider"
- https://auth.eclipse.org/auth/realms/sigstore:
- issuer-url: https://auth.eclipse.org/auth/realms/sigstore
- client-id: sigstore
- type: email
- contact: security@eclipse-foundation.org
- description: "Eclipse Foundation Production OIDC provider"
- https://dev.gitlab.org:
- issuer-url: https://dev.gitlab.org
- client-id: sigstore
- type: gitlab-pipeline
- contact: distribution-be@gitlab.com
- description: "GitLab OIDC tokens for job identity"
- https://gitlab.archlinux.org:
- issuer-url: https://gitlab.archlinux.org
- client-id: sigstore
- type: gitlab-pipeline
- contact: sigstore@archlinux.org
- description: "GitLab OIDC tokens for job identity"
- https://gitlab.com:
- issuer-url: https://gitlab.com
- client-id: sigstore
- type: gitlab-pipeline
- contact: support@gitlab.com
- description: "GitLab OIDC tokens for job identity"
- https://issuer.enforce.dev:
- issuer-url: https://issuer.enforce.dev
- client-id: sigstore
- type: chainguard-identity
- contact: mattmoor@chainguard.dev
- description: "Chainguard identity tokens"
- https://oauth2.sigstore.dev/auth:
- issuer-url: https://oauth2.sigstore.dev/auth
- client-id: sigstore
- type: email
- issuer-claim: $.federated_claims.connector_id
- contact: tac@sigstore.dev
- description: "dex address for fulcio"
- https://oidc.codefresh.io:
- issuer-url: https://oidc.codefresh.io
- client-id: sigstore
- type: codefresh-workflow
- contact: support@codefresh.io
- description: "Codefresh OIDC tokens for job identity"
- https://ops.gitlab.net:
- issuer-url: https://ops.gitlab.net
- client-id: sigstore
- type: gitlab-pipeline
- contact: distribution-be@gitlab.com
- description: "GitLab OIDC tokens for job identity"
- https://token.actions.githubusercontent.com:
- issuer-url: https://token.actions.githubusercontent.com
- client-id: sigstore
- type: github-workflow
- contact: tac@sigstore.dev
- description: "GitHub Actions OIDC auth"
- meta-issuers:
- https://*.oic.prod-aks.azure.com/*:
- client-id: sigstore
- type: kubernetes
- https://container.googleapis.com/v1/projects/*/locations/*/clusters/*:
- client-id: sigstore
- type: kubernetes
- https://oidc.eks.*.amazonaws.com/id/*:
- client-id: sigstore
- type: kubernetes
- https://oidc.prod-aks.azure.com/*:
- client-id: sigstore
- type: kubernetes
- https://token.actions.githubusercontent.com/*:
- client-id: sigstore
- type: github-workflow
- server.yaml: |-
- host: 0.0.0.0
- port: 5555
- grpc-port: 5554
- ca: googleca
- ct-log-url: http://ct-log/test
- log_type: prod
-kind: ConfigMap
-metadata:
- name: fulcio-config
- namespace: fulcio-system