Signing, provenance & OCI
Trust the charts you deploy.
A chart deploys arbitrary workloads with your credentials, so trusting where it came from matters. Helm supports provenance: signing a chart with a GPG key produces a .prov file, and helm install --verify (or helm verify) checks the signature and the chart’s integrity hash before installing. This proves the chart is the one the publisher signed and was not tampered with in transit or in a compromised repo.
$ helm package --sign --key 'ops@acme' --keyring ~/.gnupg/secring.gpg ./payments-api# produces payments-api-1.4.0.tgz and payments-api-1.4.0.tgz.prov$ helm verify payments-api-1.4.0.tgzSigned by: Acme Ops <ops@acme>$ helm install payments ./payments-api-1.4.0.tgz --verify # refuses if unsigned/tampered
OCI registries and modern supply chain
Helm charts increasingly live in OCI registries (the same registries that hold container images) instead of HTTP repos — helm push oci://... and helm install oci://.... That unlocks the container supply-chain toolchain: you can sign charts with Cosign and verify them at admission with Kyverno or the policy-controller, exactly as you do images in the CI/CD supply-chain course. Storing charts as OCI artifacts unifies chart and image trust under one system.
$ helm push payments-api-1.4.0.tgz oci://registry.internal/charts$ cosign sign registry.internal/charts/payments-api:1.4.0 # keyless signing# verify at admission with the same policy engine that gates images