cosign policy init
Generate a new keyless policy
Options
| Name | Description |
|---|---|
--output-file <output-file> | Log output to a file |
--timeout, -t <timeout> | Timeout for commands |
--verbose, -d | Log debug output |
--allow-insecure-registry | Whether to allow insecure connections to registries. Don't use this for anything but testing |
--attachment-tag-prefix <attachment-tag-prefix> | Optional custom prefix to use for attached image tags. Attachment images are tagged as: `[AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]` |
--expires <expires> | Total expire duration in days |
--issuer <issuer> | Trusted issuer to use for identity tokens, e.g. https://accounts.google.com |
--k8s-keychain | Whether to use the kubernetes keychain instead of the default keychain (supports workload identity) |
--maintainers, -m <maintainers> | List of maintainers to add to the root policy |
--namespace <namespace> | Registry namespace that the root policy belongs to |
--out <out> | Output policy locally |
--threshold <threshold> | Threshold for root policy signers |
--help, -h | Help for init |