cosign help policy init

Generate a new keyless policy

Options

NameDescription
--output-file <output-file>Log output to a file
--timeout, -t <timeout>Timeout for commands
--verbose, -dLog debug output
--allow-insecure-registryWhether to allow insecure connections to registries. Don't use this for anything but testing
--attachment-tag-prefix <attachment-tag-prefix>Optional custom prefix to use for attached image tags. Attachment images are tagged as: `[AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]`
--expires <expires>Total expire duration in days
--issuer <issuer>Trusted issuer to use for identity tokens, e.g. https://accounts.google.com
--k8s-keychainWhether to use the kubernetes keychain instead of the default keychain (supports workload identity)
--maintainers, -m <maintainers>List of maintainers to add to the root policy
--namespace <namespace>Registry namespace that the root policy belongs to
--out <out>Output policy locally
--threshold <threshold>Threshold for root policy signers
--help, -hHelp for init