Home

Introduction

sigstore is a Python tool for generating and verifying Sigstore signatures. You can use it to sign and verify Python package distributions, or anything else!

Features

Installing sigstore

python -m pip install sigstore

See installation for more detailed installation instructions or options.

Using sigstore

You can run sigstore as a standalone program, or via python -m:

sigstore --help
python -m sigstore --help

SLSA Provenance

This project emits SLSA provenance with its releases! This enables you to verify the integrity of the downloaded artifacts and ensure that the binary's code really comes from this source code.

To do so, please follow the instructions here.