Obtain an OIDC identity token from a supported provider (Google, Microsoft, GitHub Actions, or another issuer configured in Fulcio); the token must carry the audience Fulcio expects (sigstore for the public instance)
Generate an ephemeral key pair locally (cosign uses ECDSA P-256); the private key signs the proof-of-possession challenge and, afterwards, the artifacts
Submit a certificate request to Fulcio's CreateSigningCertificate endpoint: include the OIDC token, the public key, and a proof-of-possession signature made with the new private key over the token's subject identity (the verified email claim for email issuers such as Google, the sub claim for workload issuers such as GitHub Actions)
Fulcio verifies the token's signature against the issuer's published keys, checks its claims (issuer, audience, expiry), checks the proof-of-possession signature, and issues an X.509 certificate that carries the subject as a SAN and the issuer in a Fulcio-specific extension (OID 1.3.6.1.4.1.57264.1.8, DER-encoded; the deprecated raw-string 1.3.6.1.4.1.57264.1.1 is still emitted for older verifiers); the certificate is logged to Fulcio's Certificate Transparency log and is valid for 10 minutes
Receive the certificate chain in the response; sign artifacts with the private key inside that validity window and upload the signature, certificate and artifact digest to Rekor, whose integrated time is what later lets a verifier accept the signature after the certificate has expired
Discard or destroy the ephemeral private key once signing is done; the certificate, the signature and the Rekor entry are the permanent audit record, and a key that leaks later cannot produce a verifiable signature because the certificate's window has closed
Known gotchas
The Fulcio certificate is valid for only 10 minutes; a signature made after NotAfter will not verify, because verifiers check the Rekor integrated time against the certificate's validity window. If signing takes longer than the window, request a new certificate (cosign does this with a fresh OIDC token and a new ephemeral key pair); CI-issued OIDC tokens are themselves short-lived and may need to be refetched
Fulcio embeds the OIDC subject as a SAN email or URI; the exact form depends on the issuer type (an email address for Google, a URI built from the workflow reference for GitHub Actions workload identity). Verifiers must pin both the identity and the issuer extension (cosign's --certificate-identity and --certificate-oidc-issuer), since two issuers could each assert the same email
In practice, cosign sign and cosign sign-blob run this entire flow transparently; direct Fulcio API interaction is needed only when building custom signing tooling or integrating a non-cosign signer
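The six steps above and the validity-window gotcha, as one worked run. This is added illustrative code, not the page's own and not Fulcio's or cosign's implementation. It runs offline against stand-ins that are all assumptions: an in-memory ECDSA key plays the OIDC provider, and its token is the provider's signature over the claims JSON rather than a real JWS (Fulcio verifies a JWS against the issuer's JWKS, but the claims it checks are the same); a throwaway self-signed certificate plays Fulcio's CA; the issuer URL https://accounts.google.com and the identity dev@example.com are made up; and the signedAt argument to verifyArtifact stands in for Rekor's integrated time. Only the Go standard library is used; the issuer extension OID is Fulcio's real one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"errors"
	"math/big"
	"time"
)

// Fulcio's issuer extension OID (v2 form: a DER UTF8String holding the OIDC issuer URL).
var oidIssuerV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 8}

const issuer = "https://accounts.google.com" // assumed issuer URL for this run
const identity = "dev@example.com"           // constructed identity

func sum(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// claims are the ID-token fields Fulcio checks. The token is modelled as this JSON plus the issuer's ECDSA
// signature over it; a real token is a JWS verified against the issuer's JWKS, but the checks are the same.
type claims struct {
	Iss           string `json:"iss"`
	Aud           string `json:"aud"`
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	Exp           int64  `json:"exp"`
}

// fulcioIssue models CreateSigningCertificate (step 4): verify the token, check proof of possession over the
// identity claim, then issue a 10-minute certificate with the identity in the SAN and the issuer in its extension.
func fulcioIssue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, issPub *ecdsa.PublicKey, body, tokSig []byte,
	pub *ecdsa.PublicKey, pop []byte, now time.Time) (*x509.Certificate, error) {
	var c claims
	if !ecdsa.VerifyASN1(issPub, sum(body), tokSig) || json.Unmarshal(body, &c) != nil ||
		c.Iss != issuer || c.Aud != "sigstore" || !c.EmailVerified || now.Unix() >= c.Exp {
		return nil, errors.New("OIDC token rejected")
	}
	if !ecdsa.VerifyASN1(pub, sum([]byte(c.Email)), pop) { // proof of possession covers the identity claim, not the token
		return nil, errors.New("proof of possession failed")
	}
	issExt, _ := asn1.MarshalWithParams(issuer, "utf8")
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), NotBefore: now, NotAfter: now.Add(10 * time.Minute),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		EmailAddresses: []string{c.Email}, ExtraExtensions: []pkix.Extension{{Id: oidIssuerV2, Value: issExt}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyArtifact is the consumer side. signedAt plays the role of Rekor's integrated time: the certificate
// must have been valid when the signature was made, not when it is checked.
func verifyArtifact(root, leaf *x509.Certificate, wantEmail string, artifact, sig []byte, signedAt time.Time) error {
	if err := leaf.CheckSignatureFrom(root); err != nil {
		return err
	}
	if signedAt.Before(leaf.NotBefore) || signedAt.After(leaf.NotAfter) {
		return errors.New("signature made outside the certificate's validity window")
	}
	var gotIss string
	for _, e := range leaf.Extensions {
		if e.Id.Equal(oidIssuerV2) {
			asn1.UnmarshalWithParams(e.Value, &gotIss, "utf8")
		}
	}
	if gotIss != issuer || len(leaf.EmailAddresses) != 1 || leaf.EmailAddresses[0] != wantEmail {
		return errors.New("certificate identity or issuer mismatch")
	}
	if !ecdsa.VerifyASN1(leaf.PublicKey.(*ecdsa.PublicKey), sum(artifact), sig) {
		return errors.New("artifact signature invalid")
	}
	return nil
}

// Run walks steps 1 to 6 once and returns what a verifier needs afterwards.
func Run() (root, leaf *x509.Certificate, artifact, sig []byte, err error) {
	now := time.Now()
	issKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // stand-in for the provider's JWKS key
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stand-in for Fulcio's CA key
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	rootDER, _ := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	root, _ = x509.ParseCertificate(rootDER)
	body, _ := json.Marshal(claims{Iss: issuer, Aud: "sigstore", Email: identity, EmailVerified: true, Exp: now.Add(5 * time.Minute).Unix()}) // step 1
	tokSig, _ := ecdsa.SignASN1(rand.Reader, issKey, sum(body))
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)          // step 2: ephemeral key pair
	pop, _ := ecdsa.SignASN1(rand.Reader, priv, sum([]byte(identity))) // step 3: proof of possession (cosign reads the claim from the token)
	leaf, err = fulcioIssue(root, rootKey, &issKey.PublicKey, body, tokSig, &priv.PublicKey, pop, now) // step 4
	artifact = []byte("constructed artifact bytes") // step 5: sign inside the 10-minute window
	sig, _ = ecdsa.SignASN1(rand.Reader, priv, sum(artifact))
	priv = nil // step 6: nothing uses the key again; the certificate plus the Rekor entry are the record
	return root, leaf, artifact, sig, err
}
```

Call Run() and then verifyArtifact with a signing time inside the certificate's window and it succeeds; pass a time after NotAfter and it fails with the validity-window error, which is the failure the 10-minute gotcha describes. Real cosign verification additionally checks the Rekor inclusion proof and the certificate's SCT, which this offline stand-in does not model.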