Skip to main content

stores

A Store resource defines how to discover and retrieve reference types for a subject. Please review doc here for a full list of store capabilities. To see more sample store configuration, click here. Each resource must specify the name of the store.

apiVersion: config.ratify.deislabs.io/v1beta1
kind: Store
metadata:
name:
spec:
name: required, name of the store
address: optional. Plugin path, defaults to value of env "RATIFY_CONFIG" or "~/.ratify/plugins"
source: optional. Source location to download the plugin binary, learn more at docs/reference/dynamic-plugins.md
parameters: optional. Parameters specific to this store

Oras

An implementation of the Referrer Store using the ORAS Library to interact with OCI compliant registries.

Sample Oras yaml spec:

apiVersion: config.ratify.deislabs.io/v1beta1
kind: Store
metadata:
name: store-oras
spec:
name: oras
parameters:
cacheEnabled: true
capacity: 100
keyNumber: 10000
ttl: 10
useHttp: true
authProvider:
name: k8Secrets
secrets:
- secretName: ratify-dockerconfig
NameRequiredDescriptionDefault Value
cosignEnablednoThis must be true if cosign verifier is enabled. Read more about cosign verifier here.false
authProvidernoThis is only required if pulling from a private repository. For all supported auth mode, please review oras-auth-provider docdockerAuth
cacheEnablednoOras cache, cache for all referrers for a subject. Note: global cache must be enabled firstfalse
ttlnoTime to live for entries in oras cache10 seconds
useHttpnoThis needs to be set to true for local insecure registriesfalse