Upload one or more blobs to the supplied container image address.
cosign upload blob [flags]
cosign upload blob -f <blob ref> <image uri>
# upload a blob named foo to the location specified by <IMAGE>
cosign upload blob -f foo <IMAGE>
# upload a blob named foo to the location specified by <IMAGE>, setting the os field to "MYOS".
cosign upload blob -f foo:MYOS <IMAGE>
# upload a blob named foo to the location specified by <IMAGE>, setting the os field to "MYOS" and the platform field to "MYPLATFORM".
cosign upload blob -f foo:MYOS/MYPLATFORM <IMAGE>
# upload two blobs named foo-darwin and foo-linux to the location specified by <IMAGE>, setting the os fields
cosign upload blob -f foo-darwin:darwin -f foo-linux:linux <IMAGE>
# upload a blob named foo to the location specified by <IMAGE>, setting annotations mykey=myvalue.
cosign upload blob -a mykey=myvalue -f foo <IMAGE>
# upload two blobs named foo-darwin and foo-linux to the location specified by <IMAGE>, setting annotations
cosign upload blob -a mykey=myvalue -a myotherkey="my other value" -f foo-darwin:darwin -f foo-linux:linux <IMAGE>
--allow-http-registry whether to allow using HTTP protocol while connecting to registries. Don't use this for anything but testing
--allow-insecure-registry whether to allow insecure connections to registries (e.g., with expired or self-signed TLS certificates). Don't use this for anything but testing
-a, --annotation stringToString annotations to set (default [])
--attachment-tag-prefix [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName] optional custom prefix to use for attached image tags. Attachment images are tagged as: [AttachmentTagPrefix]sha256-[TargetImageDigest].[AttachmentName]
--ct string content type to set
-f, --files strings <filepath>:[platform/arch]
-h, --help help for blob
--k8s-keychain whether to use the kubernetes keychain instead of the default keychain (supports workload identity).
--registry-cacert string path to the X.509 CA certificate file in PEM format to be used for the connection to the registry
--registry-client-cert string path to the X.509 certificate file in PEM format to be used for the connection to the registry
--registry-client-key string path to the X.509 private key file in PEM format to be used, together with the 'registry-client-cert' value, for the connection to the registry
--registry-password string registry basic auth password
--registry-server-name string SAN name to use as the 'ServerName' tls.Config field to verify the mTLS connection to the registry
--registry-token string registry bearer auth token
--registry-username string registry basic auth username
--output-file string log output to a file
-t, --timeout duration timeout for commands (default 3m0s)
-d, --verbose log debug output
- cosign upload - Provides utilities for uploading artifacts to a registry