Artifact Signing

All PowerAuth Cloud Docker images are signed using Cosign. Each image, except for the init image, also has an attached Software Bill of Materials (SBOM) in CycloneDX format.

Verify the Docker Image Signature

To verify that a Docker image has been signed by Wultra, run:

wget https://raw.githubusercontent.com/wultra/wultra-infrastructure/refs/heads/develop/public-keys/cosign.pub
cosign verify \
    --key cosign.pub \
    wultra.jfrog.io/wultra-docker/powerauth-cloud:${VERSION}

Download and Inspect the SBOM

To download the attached SBOM:

cosign download attestation \
    wultra.jfrog.io/wultra-docker/powerauth-cloud:${VERSION} \
    | jq -r '.dsseEnvelope.payload' | base64 -d | jq '.predicate'

To verify the SBOM attestation signature before trusting it:

wget https://raw.githubusercontent.com/wultra/wultra-infrastructure/refs/heads/develop/public-keys/cosign.pub
cosign verify-attestation \
    --key cosign.pub \
    --type cyclonedx \
    wultra.jfrog.io/wultra-docker/powerauth-cloud:${VERSION}
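
The jq pipeline above decodes the attestation payload but does not check which image the statement is about. The following added example (not Wultra's code; the function names and sample data are hypothetical and constructed) parses an envelope whose signature cosign has already verified, rejects it unless it is a CycloneDX statement bound to the image digest you expect, and lists the SBOM components. It performs no signature verification itself.

```python
import base64
import json

CYCLONEDX_PREDICATE = "https://cyclonedx.org/bom"  # predicate type for --type cyclonedx


def sbom_components(envelope_json, expected_sha256):
    """Return sorted (name, version) pairs from a verified CycloneDX attestation.

    Raises ValueError when the statement is not a CycloneDX SBOM or is not
    bound to the image digest the caller expects.
    """
    env = json.loads(envelope_json)
    # The page's jq filter reads .dsseEnvelope.payload; a bare DSSE envelope
    # with a top-level "payload" is also accepted (assumption about other output shapes).
    dsse = env.get("dsseEnvelope", env)
    if dsse.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError("payload is not an in-toto statement")
    statement = json.loads(base64.b64decode(dsse["payload"]))
    if statement.get("predicateType") != CYCLONEDX_PREDICATE:
        raise ValueError("unexpected predicateType: %r" % statement.get("predicateType"))
    # The statement must name the image digest that was actually pulled.
    digests = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if expected_sha256 not in digests:
        raise ValueError("attestation subject does not match the expected image digest")
    components = statement["predicate"].get("components", [])
    return sorted((c.get("name", ""), c.get("version", "")) for c in components)


def constructed_envelope(digest, predicate_type=CYCLONEDX_PREDICATE):
    """Build a sample envelope (constructed data, not real PowerAuth Cloud output)."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": predicate_type,
        "subject": [{"name": "example.invalid/app", "digest": {"sha256": digest}}],
        "predicate": {"bomFormat": "CycloneDX", "components": [
            {"name": "libexample", "version": "1.2.3"},
            {"name": "base-os", "version": "12"},
        ]},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"dsseEnvelope": {
        "payloadType": "application/vnd.in-toto+json", "payload": payload}})


if __name__ == "__main__":
    digest = "ab" * 32  # constructed digest, not a real image
    for name, version in sbom_components(constructed_envelope(digest), digest):
        print(name, version)
```
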

Last updated on May 05, 2026 (09:31)