docs: Ensure the storage backend to store OCI signatures is set to oci (

#907) We need to ensure that the storage backend to store OCI signatures is enabled and is set to `oci`. This is especially true when we come to this tutorial after passing the Getting started one[1]. Otherwise the command: cosign verify --key cosign.pub $REGISTRY/kaniko-chains returns nothing [1]. https://tekton.dev/docs/chains/getting-started-tutorial/ Signed-off-by: Sergiy Kulanov <[email protected]>
tektoncd · Sep 12, 2023 · 409e13a · 409e13a
1 parent 70c8c7d
commit 409e13a
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/docs/tutorials/signed-provenance-tutorial.md b/docs/tutorials/signed-provenance-tutorial.md
@@ -57,13 +57,15 @@ You'll need to make these changes to the Tekton Chains Config:
 
 * `artifacts.taskrun.format=slsa/v1`
 * `artifacts.taskrun.storage=oci`
+* `artifacts.oci.storage=oci`
 * `transparency.enabled=true`
 
 You can set these fields by running
 
 ```shell
 kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.taskrun.format": "slsa/v1"}}'
 kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.taskrun.storage": "oci"}}'
+kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.oci.storage": "oci"}}'
 kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"transparency.enabled": "true"}}'
 ```
 
@@ -124,7 +126,7 @@ You should see verification output for both!
 ## Finding Provenance in Rekor
 
 To find provenance for the image in Rekor, first get the digest of the `$REGISTRY/kaniko-chains` image you just built.
-You can look this up in the TaskRun, or pull the image to get the digest. 
+You can look this up in the TaskRun, or pull the image to get the digest.
 
 You can then search rekor to find all entries that match the sha256 digest of the image you just built with the [rekor-cli](https://github.com/sigstore/rekor/releases/) tool: