1## cosign public-key
2
3Gets a public key from the key-pair.
4
5### Synopsis
6
7Gets a public key from the key-pair and
8writes to a specified file. By default, it will write to standard out.
9
10```
11cosign public-key [flags]
12```
13
14### Examples
15
16```
17
18 # extract public key from private key to a specified out file.
19 cosign public-key --key <PRIVATE KEY FILE> --outfile <OUTPUT>
20
21 # extract public key from URL.
22 cosign public-key --key https://host.for/<FILE> --outfile <OUTPUT>
23
24 # extract public key from Azure Key Vault
25 cosign public-key --key azurekms://[VAULT_NAME][VAULT_URI]/[KEY]
26
27 # extract public key from AWS KMS
28 cosign public-key --key awskms://[ENDPOINT]/[ID/ALIAS/ARN]
29
30 # extract public key from Google Cloud KMS
31 cosign public-key --key gcpkms://projects/[PROJECT]/locations/global/keyRings/[KEYRING]/cryptoKeys/[KEY]
32
33 # extract public key from Hashicorp Vault KMS
34 cosign public-key --key hashivault://[KEY]
35
36 # extract public key from GitLab with project name
37 cosign public-key --key gitlab://[OWNER]/[PROJECT_NAME] <IMAGE>
38
39 # extract public key from GitLab with project id
40 cosign public-key --key gitlab://[PROJECT_ID] <IMAGE>
41```
42
43### Options
44
45```
46 -h, --help help for public-key
47 --key string path to the private key file, KMS URI or Kubernetes Secret
48 --outfile string path to a payload file to use rather than generating one
49 --sk whether to use a hardware security key
50 --slot string security key slot to use for generated key (default: signature) (authentication|signature|card-authentication|key-management)
51```
52
53### Options inherited from parent commands
54
55```
56 --output-file string log output to a file
57 -t, --timeout duration timeout for commands (default 3m0s)
58 -d, --verbose log debug output
59```
60
61### SEE ALSO
62
63* [cosign](cosign.md) - A tool for Container Signing, Verification and Storage in an OCI registry.
64
View as plain text