singularity sign

Add digital signature(s) to an image

Synopsis

The sign command allows a user to add one or more digital signatures to a SIF image. By default, one digital signature is added for each object group in the file.

Key material can be provided via PEM-encoded file, or an entity in the PGP keyring. To manage the PGP keyring, see ‘singularity help key’.

—cosign mode supports signing an OCI image within an OCI-SIF file with a cosign-compatible signature. A private key must be provided with the –key flag.

singularity sign [sign options...] <image path>

Examples

Sign with a private key:
$ singularity sign --key private.pem container.sif

Sign with PGP:
$ singularity sign container.sif

Sign an image within an OCI-SIF with a cosign compatible signature:
$ singularity sign --cosign --key cosign.key container.oci.sif

Options

-c, --cosign            sign an OCI-SIF with a cosign-compatible sigstore signature
-g, --group-id uint32   sign objects with the specified group ID
-h, --help              help for sign
    --key string        path to the private key file
-k, --keyidx int        PGP private key to use (index from 'key list --secret')
-i, --sif-id uint32     sign object with the specified ID

SEE ALSO

• singularity -

Linux container platform optimized for High Performance Computing (HPC) and Enterprise Performance Computing (EPC)

Auto generated by spf13/cobra on 6-Mar-2025