Skip to content

Chrome extension to manage Sigstore and Chainguard auth windows

License

Notifications You must be signed in to change notification settings

imjasonh/chrome-sigstore

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Auto-close Sigstore and Chainguard auth windows

The repo implements a Chrome extension to automatically close browser tabs opened by Sigstore's keyless signing flow, and similarly Chainguard's OIDC auth refresh flows.

When you use cosign sign or gitsign, these tools take you through an OAuth flow, finally redirecting you to an "Auth successful" page. There are lots of things you can do to streamline this, but the final page remains open due to security limitations in the browser (windows aren't allowed to close themselves).

Similarly, Chainguard's chainctl auth login command pops up a browser to reauthenticate, and leaves a crufty window in its wake upon completion.

This Chrome extension takes care of cleaning up the cruft, and auto-closes these windows when they're found.

Auto-closing the window doesn't impact the security of the Fulcio certificate or signatures.

To get the best experience with gitsign, configure the identity provider you want to use. For example:

git config --global gitsign.connectorID https://accounts.google.com

To get the best experience with chainctl, configure the identity provider you want to use. For example:

chainctl config set default.social-login google-oauth2

About

Chrome extension to manage Sigstore and Chainguard auth windows

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published