Problem
Fully disconnected (air-gapped) environments cannot upload to any transparency log—public or private. Currently there is no way to sign bundles without network connectivity to a Rekor instance.
Proposal
Add a --tlog-upload flag (default true) to aicr bundle that disables transparency log uploads when set to false. Combined with KMS-backed signing (#407), this enables fully offline bundle attestation.
New Flag

| Flag | Type | Default |
| --- | --- | --- |
| --tlog-upload | bool | true |
Behavior

- When --tlog-upload=false, AICR skips the Rekor transparency log upload during signing
- Must be combined with --signing-key <kms-uri> (keyless signing requires Fulcio, which requires network)
- No operational metadata leaves the network perimeter
- The resulting bundle is still a valid cosign bundle, verifiable with --insecure-ignore-tlog or offline verification
Validation Combinations

| Signing Method | tlog-upload | Valid? | Use Case |
| --- | --- | --- | --- |
| Keyless (OIDC) | true | Yes | Default public Sigstore |
| Keyless (OIDC) | false | No | Keyless requires Fulcio network access |
| KMS key | true | Yes | KMS + public/private transparency log |
| KMS key | false | Yes | Air-gapped: fully offline signing |
AICR should reject the invalid combination (keyless + no tlog) at flag validation time with a clear error message.
Verification in Air-Gapped Environments
Verification uses the KMS public key and skips tlog verification:
Updated 2026-06-02: confirmed accurate against the current signing path; added the concrete code location.

Implementation Notes

- Today, SignStatement in pkg/bundler/attestation/signing.go unconditionally wires sign.NewRekor into the bundle options. The flag needs to make that Rekor step conditional on --tlog-upload.
- Plumbing path: bundleCmdOptions → attestation.ResolveOptions → SignOptions, alongside the --signing-key plumbing from #407 (feat(bundle): KMS-backed signing for CI/CD environments without OIDC).
- No separate aicr bundle-sign subcommand: signing is folded into aicr bundle --attest.

Dependencies

- Depends on #407 (the --signing-key flag). Air-gapped signing is only meaningful with a key-based path, since keyless requires Fulcio network access.
- Related flags: --fulcio-url / --rekor-url

Success Criteria

- aicr bundle --signing-key gcpkms://... --tlog-upload=false produces a valid signed bundle with no network calls to Rekor
- --tlog-upload=false without --signing-key is rejected with a clear error
- make test and make lint pass with no regressions
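As an added illustration of the validation matrix and of the conditional Rekor wiring described under Implementation Notes (example code written for this page, not AICR's own; the types and functions bundleCmdOptions, SignOptions, ResolveOptions, BuildPipeline and RequiresNetwork are assumptions modelled on the plumbing path the issue names, the pipeline steps are string labels standing in for the real sigstore-go options, and the gcpkms:// URI is a placeholder):

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for AICR's options plumbing
// (bundleCmdOptions -> attestation.ResolveOptions -> SignOptions).
// Not the project's code: field and function names are assumptions.

// bundleCmdOptions mirrors the two CLI flags involved in the proposal.
type bundleCmdOptions struct {
	SigningKey string // --signing-key <kms-uri>; empty selects keyless (OIDC) signing
	TlogUpload bool   // --tlog-upload; the proposal defaults this to true
}

// defaultBundleCmdOptions reproduces the proposed default (--tlog-upload=true).
func defaultBundleCmdOptions() bundleCmdOptions {
	return bundleCmdOptions{TlogUpload: true}
}

// SignOptions is the resolved configuration handed to the signing step.
type SignOptions struct {
	Keyless      bool   // true: Fulcio-issued certificate; false: KMS key
	KMSURI       string // set only on the key-based path
	UploadToTlog bool   // whether the Rekor step is wired into the bundle options
}

// ErrKeylessRequiresTlog is the clear error the proposal asks for on the one
// invalid row of the validation matrix (keyless + no tlog).
var ErrKeylessRequiresTlog = errors.New(
	"--tlog-upload=false requires --signing-key: keyless signing needs Fulcio, which needs network access")

// ResolveOptions validates the flag combination at flag-validation time,
// before any signing code runs, and maps the CLI flags onto SignOptions.
func ResolveOptions(o bundleCmdOptions) (SignOptions, error) {
	if o.SigningKey == "" && !o.TlogUpload {
		return SignOptions{}, ErrKeylessRequiresTlog
	}
	return SignOptions{
		Keyless:      o.SigningKey == "",
		KMSURI:       o.SigningKey,
		UploadToTlog: o.TlogUpload,
	}, nil
}

// BuildPipeline lists the signing steps in order. The Rekor step is appended
// only when UploadToTlog is set, which is the conditional the proposal wants
// in place of unconditionally wiring sign.NewRekor into the bundle options.
func BuildPipeline(so SignOptions) []string {
	steps := []string{"sign-statement"}
	if so.Keyless {
		steps = append(steps, "fulcio-cert") // needs network
	}
	if so.UploadToTlog {
		steps = append(steps, "rekor-upload") // needs network
	}
	return steps
}

// RequiresNetwork reports whether any step would leave the network perimeter,
// the property an air-gapped signing run must not have.
func RequiresNetwork(steps []string) bool {
	for _, s := range steps {
		if s == "fulcio-cert" || s == "rekor-upload" {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample inputs: one entry per row of the validation matrix.
	// The KMS URI is a placeholder, not a real key.
	matrix := []bundleCmdOptions{
		defaultBundleCmdOptions(),
		{SigningKey: "", TlogUpload: false},
		{SigningKey: "gcpkms://PLACEHOLDER-KEY", TlogUpload: true},
		{SigningKey: "gcpkms://PLACEHOLDER-KEY", TlogUpload: false},
	}
	for _, o := range matrix {
		so, err := ResolveOptions(o)
		if err != nil {
			fmt.Printf("key=%q tlog=%v -> rejected: %v\n", o.SigningKey, o.TlogUpload, err)
			continue
		}
		steps := BuildPipeline(so)
		fmt.Printf("key=%q tlog=%v -> steps=%v network=%v\n",
			o.SigningKey, o.TlogUpload, steps, RequiresNetwork(steps))
	}
}
```

The point of the split is that the rejection happens in ResolveOptions, before anything that could open a socket runs, and that the only path for which RequiresNetwork is false is the KMS key plus --tlog-upload=false row; in the real code the sign.NewRekor call inside SignStatement would sit behind the UploadToTlog branch rather than a string label.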