CoursesHelmAdvanced

Signing, provenance & OCI

Trust the charts you deploy.

Advanced14 min · lesson 11 of 12

A chart deploys arbitrary workloads with your credentials, so trusting where it came from matters. Helm supports provenance: signing a chart with a GPG key produces a .prov file, and helm install --verify (or helm verify) checks the signature and the chart’s integrity hash before installing. This proves the chart is the one the publisher signed and was not tampered with in transit or in a compromised repo.

SIGNING & VERIFYING A CHART
1helm package --sign
GPG key produces .tgz + .prov
2Publish
HTTP repo or helm push to OCI registry
3helm verify / --verify
checks signature + integrity hash
4Install
refuses if unsigned or tampered
On OCI registries, sign with Cosign and verify at admission with Kyverno/policy-controller — the same trust toolchain used for container images.
terminal
$ helm package --sign --key 'ops@acme' --keyring ~/.gnupg/secring.gpg ./payments-api
# produces payments-api-1.4.0.tgz and payments-api-1.4.0.tgz.prov
$ helm verify payments-api-1.4.0.tgz
Signed by: Acme Ops <ops@acme>
$ helm install payments ./payments-api-1.4.0.tgz --verify # refuses if unsigned/tampered

OCI registries and modern supply chain

Helm charts increasingly live in OCI registries (the same registries that hold container images) instead of HTTP repos — helm push oci://... and helm install oci://.... That unlocks the container supply-chain toolchain: you can sign charts with Cosign and verify them at admission with Kyverno or the policy-controller, exactly as you do images in the CI/CD supply-chain course. Storing charts as OCI artifacts unifies chart and image trust under one system.

terminal
$ helm push payments-api-1.4.0.tgz oci://registry.internal/charts
$ cosign sign registry.internal/charts/payments-api:1.4.0 # keyless signing
# verify at admission with the same policy engine that gates images
Unverified charts are unverified code in your cluster
Pulling a chart from a public repo without verification means trusting whatever that repo serves today — a compromised repo or a typo-squatted chart name can ship you hostile manifests. Pin versions, verify provenance (GPG .prov or Cosign on OCI), prefer charts from sources you can authenticate, and render-and-review anything unfamiliar before it touches the cluster.