Sigstore · Capability

Rekor — pubkey

Rekor — pubkey. 1 operations. Lead operation: Retrieve the public key that can be used to validate the signed tree head. Self-contained Naftiko capability covering one Sigstore business surface.

Run with Naftiko Sigstorepubkey

What You Can Do

GET
Getpublickey — Retrieve the public key that can be used to validate the signed tree head
/v1/api/v1/log/publickey

MCP Tools

retrieve-public-key-that-can

Retrieve the public key that can be used to validate the signed tree head

read-only idempotent

Capability Spec

rekor-pubkey.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Rekor — pubkey
  description: 'Rekor — pubkey. 1 operations. Lead operation: Retrieve the public key that can be used to validate the signed
    tree head. Self-contained Naftiko capability covering one Sigstore business surface.'
  tags:
  - Sigstore
  - pubkey
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    SIGSTORE_API_KEY: SIGSTORE_API_KEY
capability:
  consumes:
  - type: http
    namespace: rekor-pubkey
    baseUri: http://rekor.sigstore.dev
    description: Rekor — pubkey business capability. Self-contained, no shared references.
    resources:
    - name: api-v1-log-publicKey
      path: /api/v1/log/publicKey
      operations:
      - name: getpublickey
        method: GET
        description: Retrieve the public key that can be used to validate the signed tree head
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: treeID
          in: query
          type: string
          description: The tree ID of the tree you wish to get a public key for
  exposes:
  - type: rest
    namespace: rekor-pubkey-rest
    port: 8080
    description: REST adapter for Rekor — pubkey. One Spectral-compliant resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/api/v1/log/publickey
      name: api-v1-log-publickey
      description: REST surface for api-v1-log-publicKey.
      operations:
      - method: GET
        name: getpublickey
        description: Retrieve the public key that can be used to validate the signed tree head
        call: rekor-pubkey.getpublickey
        with:
          treeID: rest.treeID
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: rekor-pubkey-mcp
    port: 9090
    transport: http
    description: MCP adapter for Rekor — pubkey. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: retrieve-public-key-that-can
      description: Retrieve the public key that can be used to validate the signed tree head
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: rekor-pubkey.getpublickey
      with:
        treeID: tools.treeID
      outputParameters:
      - type: object
        mapping: $.