1. In the ClusterImagePolicy spec.authorities list, add an authority with a keyless block.
2. Set keyless.url to https://fulcio.sigstore.dev for the public Fulcio instance.
3. Under keyless.identities add one or more identity objects; each can use issuer (exact match) or issuerRegExp, and subject (exact match) or subjectRegExp.
4. For GitHub Actions keyless signing, set issuer to https://token.actions.githubusercontent.com and subject or subjectRegExp to match the workflow ref (e.g., https://github.com/org/repo/.github/workflows/build.yaml@refs/heads/main).
5. Apply the updated ClusterImagePolicy and test with an image signed by the expected identity; images signed by a different OIDC identity should be rejected.
Known gotchas
- The subject in a Fulcio certificate for GitHub Actions is the workflow ref URI, not an email address; using an email-style subject with GitHub Actions OIDC will never match.
- issuer and subject perform exact string comparisons; use issuerRegExp and subjectRegExp for wildcards, but anchor regex patterns (^ ... $) to avoid inadvertent broad matches.
- If a TrustRoot CR is needed for a custom Fulcio/Rekor deployment, reference it via keyless.trustRootRef rather than the public Fulcio URL.
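As an added example (not from the original page), a ClusterImagePolicy that applies the steps above and the anchored-regex advice from the gotchas. The policy name, image glob, org and repo are constructed placeholders; everything else uses the public Sigstore endpoints named above.

```yaml
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
  name: github-actions-keyless        # constructed name
spec:
  images:
    - glob: "ghcr.io/example-org/**"  # constructed image pattern
  authorities:
    - name: github-actions-build
      keyless:
        url: https://fulcio.sigstore.dev
        identities:
          # Exact-match form: pins one workflow file on one branch.
          # Both issuer and subject are compared as whole strings.
          - issuer: https://token.actions.githubusercontent.com
            subject: https://github.com/example-org/example-repo/.github/workflows/build.yaml@refs/heads/main
          # Regex form: same workflow, any semver release tag.
          # Anchored with ^ and $ and with dots escaped so that
          # example-org/example-repo-evil or a similar path does not match.
          - issuer: https://token.actions.githubusercontent.com
            subjectRegExp: ^https://github\.com/example-org/example-repo/\.github/workflows/build\.yaml@refs/tags/v[0-9]+\.[0-9]+\.[0-9]+$
      ctlog:
        url: https://rekor.sigstore.dev
```

An image signed by any other workflow, branch or OIDC issuer fails verification against this authority, which is the rejection step 5 asks you to confirm.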