---
tags: E2E
---

# Build, COSE sign, and verify container images using Notary and Azure Key Vault

## Overview

This document describes a workflow, linux

## Install the notation CLI and AKV plugin

### Developer installation of notation

```
# Build the notation CLI from the cose branch and put it on the PATH
git clone -b cose https://github.com/notaryproject/notation.git
cd notation/cmd/notation
go build .
cp notation /usr/local/bin
```

### Developer installation of notation Azure Key Vault plugin

```
# Build the AKV plugin from the cose-dev branch and install it into the notation plugin directory
git clone -b cose-dev https://github.com/chloeyin/notation-azure-kv.git
cd notation-azure-kv/cmd/notation-azure-kv
go build .
mkdir -p ~/.config/notation/plugins/azure-kv
cp notation-azure-kv ~/.config/notation/plugins/azure-kv/
```

> The following steps are not ready; please refer to this guide temporarily: https://github.com/Azure/notation-azure-kv/blob/main/docs/quick-start.md
> using the additional parameter `--envelope-type=cose` for COSE signing.

## Configure environment variables

### Configure AKV resource names

### Configure ACR and image resource names

## Store the signing certificate in AKV

### Create a self-signed certificate (Azure CLI)

## Build and COSE sign a container image

### Sign using COSE envelope by default

## View the graph of artifacts with the ORAS CLI

## Verify the container image

## Next steps