Module keyless

Modules§

cert_pinning: Certificate pinning for Sigstore endpoints (Issue #12)
cert_verifier: Certificate chain verification for Fulcio certificates
fulcio
merkle: RFC 6962 Merkle Tree Inclusion Proof Verification
oidc
rate_limit: Rate limiting for Sigstore API endpoints (Issue #6)
rekor
rekor_verifier: Rekor Transparency Log Verification
signer: Keyless signing orchestration
transport: Custom TLS transport with certificate pinning (Issue #12) Note: Only available on native targets (not wasm32). Custom TLS transport with certificate pinning support

CertificatePool: A pool of trusted root and intermediate certificates for verification
FulcioCertificate: Fulcio certificate response
FulcioClient: Fulcio client for obtaining short-lived certificates
GitHubOidcProvider: GitHub Actions OIDC provider
GitLabOidcProvider: GitLab CI OIDC provider
GoogleOidcProvider: Google Cloud OIDC provider
KeylessConfig: Configuration for keyless signing
KeylessSignature: Keyless signature custom section format
KeylessSigner: Main keyless signing interface
KeylessVerificationResult: Result of keyless signature verification
KeylessVerifier: Keyless signature verification
OidcToken: OIDC token for identity verification
PinnedCertVerifier: Custom certificate verifier that implements pinning
PinningConfig: Certificate pinning configuration
RekorClient: Rekor client for transparency log operations
RekorEntry: Rekor log entry returned from the transparency log
RekorKeyring: Pool of Rekor public keys for verification

CertVerificationError: Errors that can occur during certificate verification

check_pinning_requirement: Check if strict certificate pinning is required via environment variable.
create_pinned_rustls_config: Create a rustls ClientConfig with certificate pinning enabled.
detect_oidc_provider: Auto-detect OIDC provider from environment variables