Add troubleshooting note about cosign login

GSA-TTS · Jun 21, 2024 · 42805b6 · 42805b6
1 parent c3ab3ab
commit 42805b6
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/_articles/platform-gitlab-imagesigning.md b/_articles/platform-gitlab-imagesigning.md
@@ -71,3 +71,11 @@ bin/sign_image.sh <accountid>.dkr.ecr.us-west-2.amazonaws.com/cd/terraform_plan:
 
 Notice that we are signing a particular sha256 digest, not an image tag. Tags
 can change for an image, but not the digest, so that's what we want to use.
+
+### Troubleshooting
+
+If you get a `401 Unauthorized` error with cosign, you may need to `cosign login`.
+
+```
+aws-vault exec tooling-prod-admin -- aws ecr get-login-password --region us-west-2 | cosign login --username AWS --password-stdin XXX.dkr.ecr.us-west-2.amazonaws.com
+```