Errors loading a .key

Jenkins setup:

Host: Ubuntu 22.04
Jenkins Version: 2.440.1

Hi Guys!

I load my cosign.key in Jenkins as a file. When I run my pipeline:

pipeline {
    agent any

    environment {
        DOCKER_VERSION = "v1.0" // You can change this to whatever version you want
        DOCKER_REGISTRY = "safernandez666"
        COSIGN_PUBLIC_KEY = credentials('cosign-public-key')
        COSIGN_PRIVATE_KEY = credentials('cosign-private-key')
    }

    stages {
        stage('cleanup') {
            steps {
                sh 'docker system prune -a --volumes --force'
            }
        }
        stage('docker build') {
            steps {
                script {
                    sh "docker build -t ${DOCKER_REGISTRY}/webserver:${DOCKER_VERSION} -t ${DOCKER_REGISTRY}/webserver:latest -f Dockerfile ."
                }
            }
        }
        stage('docker push') {
            steps {
                script {
                    sh "docker push ${DOCKER_REGISTRY}/webserver:${DOCKER_VERSION}"
                }
            }
        }
        stage('sign the container image') {
            steps { // Credentials loaded in GitHub
                withCredentials([file(credentialsId: 'cosign-private-key', variable: 'COSIGN_PRIVATE_KEY_FILE')]) {
                    sh 'cosign version'
                    sh "cosign sign --key ${COSIGN_PRIVATE_KEY_FILE} ${DOCKER_REGISTRY}/webserver:${DOCKER_VERSION}"
                }
            }
        }
    }
}

I have this error.

[Pipeline] sh

+ cosign version
    [cosign ASCII-art banner]
    cosign: A tool for Container Signing, Verification and Storage in an OCI registry.

GitVersion: v2.0.0
GitCommit: d6b9001f8e6ed745fb845849d623274c897d55f2
GitTreeState: clean
BuildDate: 2023-02-23T19:26:35Z
GoVersion: go1.20.1
Compiler: gc
Platform: linux/amd64

[Pipeline] sh
Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure.
Affected argument(s) used the following variable(s): [COSIGN_PRIVATE_KEY_FILE]
See https://jenkins.io/redirect/groovy-string-interpolation for details.

+ cosign sign --key **** safernandez666/webserver:v1.0
    Enter password for private key: Error: signing [safernandez666/webserver:v1.0]: getting signer: reading key: inappropriate ioctl for device
    main.go:74: error during command execution: signing [safernandez666/webserver:v1.0]: getting signer: reading key: inappropriate ioctl for device

I am lost... Can you give me some light?

Thanks!

First, you should use single quotes:
sh 'docker build -t ${DOCKER_REGISTRY}/webserver:${DOCKER_VERSION} -t ${DOCKER_REGISTRY}/webserver:latest -f Dockerfile .'

And you obviously have secured your private key with a password. So when you try to run the command, then it will ask for the password to the key.
Try:

withCredentials([
    // the encrypted cosign.key uploaded as a "Secret file" credential
    file(credentialsId: 'cosign-private-key', variable: 'COSIGN_PRIVATE_KEY_FILE'),
    // the key passphrase stored as a separate "Secret text" credential (credential id assumed);
    // the file() binding has no passphraseVariable parameter, and cosign reads the
    // password from the COSIGN_PASSWORD environment variable instead of prompting for it
    string(credentialsId: 'cosign-private-key-pass', variable: 'COSIGN_PASSWORD')
]) {
    sh 'cosign version'
    // single quotes: the shell expands the variables, so the secret never enters a Groovy string
    sh 'cosign sign --key "$COSIGN_PRIVATE_KEY_FILE" ${DOCKER_REGISTRY}/webserver:${DOCKER_VERSION}'
}

But I don’t know if this will work
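The "inappropriate ioctl for device" error is cosign trying to prompt for the key password on a stdin that is not a terminal. Below is a complete sign-and-verify pipeline written as an added example (not code from either poster): it keeps every secret in a single-quoted `sh` step, hands the passphrase to cosign through `COSIGN_PASSWORD`, passes `--yes` so cosign v2 does not wait for a transparency-log confirmation, and fails the build if verification with the public key does not succeed. The credential id `cosign-private-key-pass` is assumed; the other ids are the ones from the question.

```groovy
pipeline {
    agent any

    environment {
        DOCKER_VERSION  = 'v1.0'
        DOCKER_REGISTRY = 'safernandez666'
        // no secrets here, so Groovy interpolation is harmless
        IMAGE           = "${DOCKER_REGISTRY}/webserver:${DOCKER_VERSION}"
    }

    stages {
        stage('sign the container image') {
            steps {
                withCredentials([
                    // encrypted cosign.key uploaded as a "Secret file" credential
                    file(credentialsId: 'cosign-private-key', variable: 'COSIGN_KEY'),
                    // its passphrase as a "Secret text" credential (id assumed);
                    // cosign reads COSIGN_PASSWORD instead of prompting on a terminal
                    string(credentialsId: 'cosign-private-key-pass', variable: 'COSIGN_PASSWORD')
                ]) {
                    // single quotes: the shell expands $COSIGN_KEY and $IMAGE at run time,
                    // so the key path and password never enter the Groovy string or the log
                    sh 'cosign sign --yes --key "$COSIGN_KEY" "$IMAGE"'
                }
            }
        }
        stage('verify the signature') {
            steps {
                withCredentials([
                    file(credentialsId: 'cosign-public-key', variable: 'COSIGN_PUB')
                ]) {
                    // non-zero exit from cosign verify fails the build
                    sh 'cosign verify --key "$COSIGN_PUB" "$IMAGE"'
                }
            }
        }
    }
}
```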