CI/CD Signing & Notarization Cheat Sheet

Artifact identity and provenance

Last Updated: November 21, 2025

Focus Areas

Sign artifacts with GPG, Cosign, or Sigstore
Submit signed artifacts to registries or notarization services

Commands & Queries

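cosign sign --key cosign.key my-app:latest
Sign a container image with a local private key
cosign verify --key cosign.pub my-app:latest
Verify the signature against the matching public key (cosign.pub is written next to cosign.key by cosign generate-key-pair)
notary sign --role targets --key private.pem my-app
Notarize an artifact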

Summary

Embed signatures in your pipeline and verify before deploying.

💡 Pro Tip: Use managed key stores or Sigstore to keep signing keys safe.
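
The summary's verify-before-deploy step as a fail-closed shell gate (an added example, not part of the original cheat sheet). The function names, the COSIGN_PUBKEY variable and the exit codes are assumptions of this example; it also goes one step beyond the sheet by requiring a digest-pinned reference, since a tag such as my-app:latest can be re-pointed after it was verified.

```shell
#!/bin/sh
# Added example: fail-closed deploy gate around `cosign verify --key`.
# Assumed names (not from the cheat sheet): is_digest_pinned,
# verify_before_deploy, COSIGN_PUBKEY, and the caller's deploy command.

# Return 0 only if the reference ends in @sha256:<64 lowercase hex chars>.
is_digest_pinned() {
    case "$1" in
        *@sha256:*) ;;
        *) return 1 ;;
    esac
    digest=${1##*@sha256:}
    [ "${#digest}" -eq 64 ] || return 1
    case "$digest" in
        *[!0123456789abcdef]*) return 1 ;;
    esac
    return 0
}

# verify_before_deploy IMAGE_REF DEPLOY_CMD [ARGS...]
# The deploy command receives the verified reference as its last argument.
# Returns: 0 deployed, 2 usage/config error, 3 not pinned, 4 bad signature.
verify_before_deploy() {
    if [ "$#" -lt 2 ]; then
        echo "usage: verify_before_deploy IMAGE_REF DEPLOY_CMD [ARGS...]" >&2
        return 2
    fi
    image=$1
    shift
    pubkey=${COSIGN_PUBKEY:-cosign.pub}
    if [ ! -r "$pubkey" ]; then
        echo "public key not readable: $pubkey" >&2
        return 2
    fi
    if ! is_digest_pinned "$image"; then
        echo "refusing $image: reference is not pinned by digest" >&2
        return 3
    fi
    # Any non-zero exit from cosign (bad signature, registry error) blocks deploy.
    if ! cosign verify --key "$pubkey" "$image" >/dev/null; then
        echo "signature verification failed for $image" >&2
        return 4
    fi
    # Deploy exactly the reference that was verified, never a re-resolved tag.
    "$@" "$image"
}
```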