Skip to content

Signing with Azure Key Vault throws error #4915

Description

@boomer41

Description

I have a RSA-2048 key stored in Azure Key Vault. The type does not matter, as RSA and RSA-HSM behave the same.

Then I want to sign my image with the following command:

cosign sign \
  --key azurekms://<keyvault>.vault.azure.net/<key-id> \
  boomer41/infra:latest@sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026

I expect the signature to work, as using Azure Key Vault as a key backend is supported.
However, I receive this:

signing artifact... - Error: signing [boomer41/infra:latest@sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026]: signing digest: signing bundle: error signing bundle: could not verify envelope: accepted signatures do not match threshold, Found: 0, Expected 1
error during command execution: signing [boomer41/infra:latest@sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026]: signing digest: signing bundle: error signing bundle: could not verify envelope: accepted signatures do not match threshold, Found: 0, Expected 1

I did not manage to make it work with Azure KMS.
If I use cosign generate-key-pair and use that key, signing works.

Debug logs

cosign sign -d --key azurekms://b41kvtest.vault.azure.net/test-key-2 boomer41/infra:latest@sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026                     
2026/06/03 20:58:38 --> GET https://index.docker.io/v2/
2026/06/03 20:58:38 GET /v2/ HTTP/1.1
Host: index.docker.io
User-Agent: cosign/v3.0.6+dirty (linux; amd64) go-containerregistry/v0.21.3
Accept-Encoding: gzip


2026/06/03 20:58:38 <-- 401 https://index.docker.io/v2/ (320.587862ms)
2026/06/03 20:58:38 HTTP/2.0 401 Unauthorized
Content-Length: 87
Content-Type: application/json
Date: Wed, 03 Jun 2026 18:58:38 GMT
Docker-Distribution-Api-Version: registry/2.0
Strict-Transport-Security: max-age=31536000
Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"

{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}

2026/06/03 20:58:38 --> GET https://auth.docker.io/token?scope=repository%3Aboomer41%2Finfra%3Apull&service=registry.docker.io [body redacted: basic token response contains credentials]
2026/06/03 20:58:38 GET /token?scope=repository%3Aboomer41%2Finfra%3Apull&service=registry.docker.io HTTP/1.1
Host: auth.docker.io
User-Agent: cosign/v3.0.6+dirty (linux; amd64) go-containerregistry/v0.21.3
Authorization: <redacted>
Accept-Encoding: gzip


2026/06/03 20:58:39 <-- 200 https://auth.docker.io/token?scope=repository%3Aboomer41%2Finfra%3Apull&service=registry.docker.io (158.598109ms) [body redacted: basic token response contains credentials]
2026/06/03 20:58:39 HTTP/2.0 200 OK
Connection: close
Cf-Cache-Status: DYNAMIC
Cf-Ray: a060ee31dcfed395-FRA
Content-Type: application/json
Date: Wed, 03 Jun 2026 18:58:39 GMT
Server: cloudflare
Set-Cookie: __cf_bm=Ob9w89p.NYWK5gFAucS8raEKVRTiA82i59.G_JyMnO0-1780513119.016106-1.0.1.1-A1jl6Rx17I5fVpqrTBicbmVZq9bEI1Qr.Z1nTGFWEQ3YU10kQSn574phO_GgcalAEv1pxu90g51rv7CCwEVdGTrH4AuqJ3dznBYwZHGchNglRmlwHNuFUB2MVnTDPyf9; HttpOnly; SameSite=None; Secure; Path=/; Domain=auth.docker.io; Expires=Wed, 03 Jun 2026 19:28:39 GMT
Strict-Transport-Security: max-age=31536000
X-Trace-Id: ebddf155779f88811565b0a067c88f7e
X-Trace-Sampled: true


2026/06/03 20:58:39 --> GET https://index.docker.io/v2/boomer41/infra/manifests/sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026
2026/06/03 20:58:39 GET /v2/boomer41/infra/manifests/sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026 HTTP/1.1
Host: index.docker.io
User-Agent: cosign/v3.0.6+dirty (linux; amd64) go-containerregistry/v0.21.3
Accept: application/vnd.docker.distribution.manifest.v1+json,application/vnd.docker.distribution.manifest.v1+prettyjws,application/vnd.docker.distribution.manifest.v2+json,application/vnd.oci.image.manifest.v1+json,application/vnd.docker.distribution.manifest.list.v2+json,application/vnd.oci.image.index.v1+json
Authorization: <redacted>
Accept-Encoding: gzip


2026/06/03 20:58:39 <-- 200 https://index.docker.io/v2/boomer41/infra/manifests/sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026 (160.489494ms)
2026/06/03 20:58:39 HTTP/2.0 200 OK
Content-Length: 1609
Content-Type: application/vnd.oci.image.index.v1+json
Date: Wed, 03 Jun 2026 18:58:39 GMT
Docker-Content-Digest: sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026
Docker-Distribution-Api-Version: registry/2.0
Docker-Ratelimit-Source: ae230181-1087-4a2b-bb65-46b2e884be1e
Etag: "sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026"
Ratelimit-Limit: 200;w=21600
Ratelimit-Remaining: 189;w=21600
Strict-Transport-Security: max-age=31536000

{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "manifests": [
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:4299cf70d4727a8301672998fd770e90fc6a5bd9b9703bc62917c2e1185f0497",
      "size": 1254,
      "platform": {
        "architecture": "amd64",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:e5b6ebb560bbfdf2e24984820b4e319591b536bb966d0f714ddf6d4349d55543",
      "size": 1254,
      "platform": {
        "architecture": "arm64",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:49fca692dafdf8ffdd047d3fb22399c259dc823d1af5520301846b41cb93f939",
      "size": 839,
      "annotations": {
        "vnd.docker.reference.digest": "sha256:4299cf70d4727a8301672998fd770e90fc6a5bd9b9703bc62917c2e1185f0497",
        "vnd.docker.reference.type": "attestation-manifest"
      },
      "platform": {
        "architecture": "unknown",
        "os": "unknown"
      }
    },
    {
      "mediaType": "application/vnd.oci.image.manifest.v1+json",
      "digest": "sha256:9dd64d8f4452a73d814ab9f104eb33643a19da41518d641c0d2f46080cf97ab0",
      "size": 839,
      "annotations": {
        "vnd.docker.reference.digest": "sha256:e5b6ebb560bbfdf2e24984820b4e319591b536bb966d0f714ddf6d4349d55543",
        "vnd.docker.reference.type": "attestation-manifest"
      },
      "platform": {
        "architecture": "unknown",
        "os": "unknown"
      }
    }
  ]
}
Signing artifact... - Error: signing [boomer41/infra:latest@sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026]: signing digest: signing bundle: error signing bundle: could not verify envelope: accepted signatures do not match threshold, Found: 0, Expected 1
error during command execution: signing [boomer41/infra:latest@sha256:5f0d3080e1c37933da5b53b8ff40e4f01067d25af1b20e8ea7fc3a75b23af026]: signing digest: signing bundle: error signing bundle: could not verify envelope: accepted signatures do not match threshold, Found: 0, Expected 1

Version

Please note: I'm using the version Arch Linux bundles in their repository, that would explain the +dirty flag: https://archlinux.org/packages/extra/x86_64/cosign/

  ______   ______        _______. __    _______ .__   __.
 /      | /  __  \      /       ||  |  /  _____||  \ |  |
|  ,----'|  |  |  |    |   (----`|  | |  |  __  |   \|  |
|  |     |  |  |  |     \   \    |  | |  | |_ | |  . `  |
|  `----.|  `--'  | .----)   |   |  | |  |__| | |  |\   |
 \______| \______/  |_______/    |__|  \______| |__| \__|
cosign: A tool for Container Signing, Verification and Storage in an OCI registry.

GitVersion:    v3.0.6+dirty
GitCommit:     f1ad3ee952313be5d74a49d67ba0aa8d0d5e351f
GitTreeState:  dirty
BuildDate:     2026-04-06T21:39:58
GoVersion:     go1.26.1-X:nodwarf5
Compiler:      gc
Platform:      linux/amd64

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions