Supply chain security - Chronosphere Documentation

Cosign keys
GPG keys
Artifacts released on or after 2026-03-24
Artifacts released before 2026-03-24
SBOM and other reports

Part of security is ensuring that the software supply chain is as secure as possible. As part of secure development practices, Chronosphere provides the following keys you can use to verify the signatures of Chronosphere Telemetry Pipeline software.

Cosign keys

Cosign is a tool to sign, verify, and store software artifacts in an OCI (Open Container Initiative) registry. You can use a tool like the Kubernetes Policy Controller to verify supply chain metadata from Cosign. The Chronosphere Telemetry Pipeline public Cosign key is available here.

GPG keys

GPG (GNU privacy guard) is an open source implementation of the OpenPGP protocol. You can verify the signature of Telemetry Pipeline packages to ensure that the signature is valid.

Artifacts released on or after 2026-03-24

Use the following GPG key to verify Telemetry Pipeline software packages released on or after 2026-03-24:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGnC7BsBEAClg8NHbhbkfNWGga3MWQQVw90j5Mt7mfjoxlYUHnUAyFTIYltj
V9aSYHb317kK3y/cbmi7/W23E4F4WhBh81dDjCKAwz0oLawd8oObTkVy//23mhg4
O+CdW6vLmIEKe9xMKR60TMmT5wdmYKuF0lrpGghrZjj1gQFpmgiBy637Va/3SvTh
0pe5PyaOB7Mcw6bOaO7N2dVCDXXZyFH783OyxNWkq9QsG3/1fXSnfqLZM9+iQzQU
bpHBVEA/AUzuWjqsQCp3BESjSIVAHhmbAa6kqvthpeUHSUE4F4h76C8DovDxmXGR
4ku4A/FgeU4vB72bqL4CmQLESWEFKduyqfYDV3gCW+XcKppoOBfT7YrX0sntVGil
frHlFhS7lrHfkYO4sFwtwsrR5GJem4J6P0XuiGHd1Mf03jfzoXGkhNas9wKTmbV4
nGnGD97lFcL8W+nvCv5oCQ2fgY2LjtaEIFNmF3BJFcRoRk+R+7lhb8LdxFrbuJLH
YZi0UBcHLpECXKO/svnTe/BtFprTmpbPAOir6K8ZW8OyjNmfl8/8CvLOSQ27z8uF
TTHCOaWiOV0sXxgOSACGfcsIL/bjSLMshFTuSpDWpg76hf9ZkFeolBJ/ihYAla3Q
09axEcZWIdS1X3Usjua7Tn+kRcV+xdlXzXC5NirnCVeq/2jY3agy3UbsrQARAQAB
tDRDYWx5cHRpYSBSZWxlYXNlcyA8ZW50ZXJwcmlzZS1yZWxlYXNlc0BjYWx5cHRp
YS5jb20+iQJ0BBMBCABeFiEEvT7lcYkwNwhNTR/PF8YicL6I/s8FAmnC7BsbFIAA
AAAABAAObWFudTIsMi41KzEuMTIsMCwzAxsvBAUJB4TOAAULCQgHAgIiAgYVCgkI
CwIEFgIDAQIeBwIXgAAKCRAXxiJwvoj+z8XxEACOWh0R8k858+re6+KWDcEYxcPK
YQ7eh0Aca8G7ikLoXwKun7h7QS90f+GgZYXnDPljiabTotTN+/cZSIzwOqWDZnq6
gxbHw9b7Mmr6BU0aMgDpknK5OmT7W/HabSfZPqOt7QTZj7wbYdnOiVA4XCnC5T4L
4PfeN9Zk+yNw6SSdnN6TKNyVJYN0Gw1+UWbDU1xCv54jkQreOjiSi0Gx3ojwZzfJ
zHB2TTmJ6M+tnd+GPyJpP1KkoBeFtrHvZwJP/OsTg9fHcYUGzBgqior7Ep9kia9p
+G6RYF1rw2OpeLgtLbgezJQVTCGDJ/u59/6/Hp8V9erHjaQVNb9CO8f7hZ4eO1jk
H6vm39I9yzhADU8cr8rbK0x15LwYolHPyTKfmd5jKikrh70cv+pyaMGuly47MrUG
nk9qX3S6kA2I8lHvuCDE2uhkL9Rny617ZfQNRiyGZ/dTyaDapAnkklyxks5LQrbG
kONzFOHEE5uugHNfDBIQV9mNOie0pFC6CXzyiYDlsYuavSaF1beANY6xVtXM71m+
RE+YFmrsMSm/dUJ3WYztcCVjIKDc+tmpsp5OW6Ew8Iiry4RLliMUBSXpJ0L4txYq
kncVhaDgdY0j+YstgZfZ6KQTNVycxDwb/Un+zoY4/R3MCxPswtPkEsLyneIVD65Z
8XIVsFxF/IqrVYMYkLkCDQRpwuwbARAA2g2vOZT7OsretkyJpkbw2VRx85vXR25P
f+JlMLMUio3O4K+IOJ6yE1Q08tXRdqT0lvFoFSiMotg/Hsh9+Tq7E/Gay3zkDiBv
3AEKC5r7v8udzvZKeyPeRTj/GaE9FkR4o2qs9dOjY7i5k8Y1W1e6ZbioznbhInAC
gHu0JZ4jy/PUycbP6SjG3Azx14PDEWXY5f0nlQ8AgdAzUfBtNcjHsJGlv574ViU8
bZzvXtXyQoaSwDek/+ompoPF/qIB+vyPkAcdJqZCphwaOVgCVaT4KY54xTs2J585
3T4kNlz4CW1anlqfrsrAR/uvx83lD1uZi5jU5lt97I52SDfX48chsJelbQCiDnHx
wZ+B2vVjPtRK2tmbHSI3Xp1QwIVpvF78BwowxuE0hSWiuCA5IVhFYG4OoX95hv67
gaqQjlBAgJmbeT1a4XDyDU+HoCRMUYeaJmVu1ecGl/vFccUBs3w9nQz/ziddj1db
2Mpab5qe7hBW4n8QF8j5aEiejIQvDg+Stdz+NvPmZa+UEgM9yaLKbW5klR1vF99s
wmUoI5oQuJvX0n+fw0VjHQUB9wzw40RtplDrGJicoBfYXai01GHm6BNCdZgnSHmY
SUlQZKePshFBemvY+d4SHRs/vt6G23hQJqRexe48auIqLNJQLYecPFntY+rTkAdI
lHol1UHVEr0AEQEAAYkEjgQYAQgAQhYhBL0+5XGJMDcITU0fzxfGInC+iP7PBQJp
wuwbGxSAAAAAAAQADm1hbnUyLDIuNSsxLjEyLDAsMwIbLgUJB4TOAAJACRAXxiJw
voj+z8F0IAQZAQgAHRYhBDzWFPakNZ8mpZNlW3zldFDizbTiBQJpwuwbAAoJEHzl
dFDizbTi6O8P/3+1GL13J/KO4Rg9p/lX5liBos7RUgB/dZgI5pVEu5xUPa468Bgt
G3Y2A/TpBuo99iQHi0Dcvg7/diQZ4XVscRhT0SSnlShWn2mQmMxy9Q+DiMe10vvE
ZiO5PEaK8zAJuFdDSIFK2RVNSGvAwyuraX6FBVWrNYiuF1as4u7JOMlj0BCmpRtv
fFsFE3yzuGt5i0UnMy7bYG9BZSrNg6/ppw3Ot+l1JaXX3R5uJaS4GIGRFPYh+aYb
d+W/cWizRyMl8idXMwxZJlt7rCZ1+6VlcrqLRe6eNe6jajkPVvR0zCx9QzST92Oq
ouvX3uN++VCZtCn2U/eJ/3zImSHfd0n+0Prp0DfjLpw/WyFhhO9zhLdM6Rn5zv9l
/iY2rcFbA6SsS9fDa4Rp4GDk7BbGw4DtjwECdoB8JjWo6peM815G9EEvfpYIGKC+
G/fily9HkD8NwJBYGnXay5Ypzsqq+1KMfWuddv4/RocEv4xAhM28BqiqBSA2ufdl
4QxV+l78i99ze+Gter7bZPe7G+ZWhEH6CFQ20drB3D9Frf2ASjNtwZmLdUgTrxSM
vGbHJV/UQhT+1Iz/tAUW7uhLQyRdY5v3FHjjdd+XQIXiizcUNMfU4k8W4f1J9yc9
+fwj8L0NufwkukAvELEISJU7dJtnf6v/OS+/BfQCMKIoHnP6EMl3fe5TXbYP/0wt
mY7rPdFDDASE+zYXtZqA9Z2tFL+DYkoSxljaxM39VZY+L9usJhwOxQeUpu9T/Rs+
jn8psPbtPzOatTdrjZ5q1V4CgyM8wA8YWnmkxnMWaNz+579l05W+v4sIfrALBg7+
QI2LDOuBsTOf72w16OhY1yrnjoCbCbPDDWmc6NfeblOdZMcdu9fHfa1Sxsxekmdi
xVeMFW+nIxZj6WZB3zM0behMbkKUVaqJURlMZARW9kU3/WzU04zcHCAEgD86WEC3
u/GHmGQRPhLH3i7I9gatg9wpVEzB7zi/CqHCHyDqMswLGo0WACUy52orKe4RDuvl
HTsfy3Xq16S3QMVMxE6gYokjQhLCFYmx0wM9YKK7YgrEIpQvaMkFgzP+qryowXJ/
MrWBnt7+p1RUPhohKq3e9TpPlSXcGdCpwrbtTEBOfU6j7GyhNC+HuS9Tq3WZUNY4
VXV5iR1SYRo0gel8LiEn17K9ijSO2Dfq5IFoORYqeQjit14rAF3o/3aVjDjZ3b7r
8SYDaWsUqjBDtzoDlTg5eECnPXTGPD5nf5hf+483nPCZ7dzB7yTJduSXKdZKA986
LzEN2BZ60NoGW6zIjhEQdhEBT6PXCWTQvrgJDDbcc3cNYeXfIC0uGMiUH0vADkzM
19LZ1COhlt2MRlu7sFA/2ufrCWwgDMF8GdW1Ygm1
=o9Md
-----END PGP PUBLIC KEY BLOCK-----

When you verify the Telemetry Pipeline public GPG key, the information output to your terminal should match this key fingerprint:

pub   rsa4096 2026-03-24 [SCEAR] [expires: 2030-03-23]
      BD3EE571893037084D4D1FCF17C62270BE88FECF
uid                      Calyptia Releases <enterprise-releases@calyptia.com>
sub   rsa4096 2026-03-24 [SEA] [expires: 2030-03-23]
      3CD614F6A4359F26A593655B7CE57450E2CDB4E2

Artifacts released before 2026-03-24

Use the following GPG key to verify Telemetry Pipeline software packages released before 2026-03-24:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGI8PcIBEADZ0fizLscKGjhrg0tC5IZUTasN3uJIqNtAIRl48Zr26UYPsnjE
TIXiANnruf0OzEm2f9KsfVETubawAV/b1gMGcv7vYVm6IxDvWQpUb01ooPvzqH6d
Gn2Gq7LTq5t2+/1MZii0ZNkaoKsB6GiGO1gJE0flGvCASE3m0wPbZv+Q5sJ8wNcu
uL/lDurM8twKJAQVBPaXadY1dxl0UDOF0w+vTtTxFAHh0apNqNYQLXjjc2TcaDdL
MnLg6AUGBZhhgIPECdG6XLxkVGqTMLBhBEtohMtVGznRr5gicIn0jX57ueDiftuc
QOnm/ZEvBuiNAW6PRtvuqW/+PHZ1pVUP1z1rcCWqYJK471I5W11r1BH738arJy1T
kzciHjraum10dDLoB0Ly/NDf/0XFkLS4A009BRxo4N6FRVN8OP6t8zktxAZTuawH
MTpTJD8+lGJju4R/AA+H01m3cixM4ffy1zuwqlH4IWRlkysRwlHtxfu+9PYA7GjX
d+uQJPKYYAaG7LloTIxcQ01yZ63FB97CLAd05Bmq3eQpQw/9iP8OP6Ska827Gjfg
0pgG4HEOk2ykyCFeSj8vW4frzhhas/YuDvKhxXZf8jaKJFAbxuHW4rBv5OUUckCw
PQDEiIsB465eIIaSrjjD9yhZKB9BBFAPHCvptbjvhvQ/x0MxSEcVOv81LQARAQAB
tDRDYWx5cHRpYSBSZWxlYXNlcyA8ZW50ZXJwcmlzZS1yZWxlYXNlc0BjYWx5cHRp
YS5jb20+iQJUBBMBCAA+FiEECKp3AN5X5P1iQ9xRuOWmBtZ6eVIFAmI8PcICGwMF
CQeGH1MFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQuOWmBtZ6eVIC1BAAjsPs
nUz4OxS8JrLho68hNa+4xaWrlXqVt47MfHbOl0RplH0iKa/E47nRYJ10QdGaPKZG
60prudoS7kfrD9qrONcuJPYa1XeB6fYs1K3yaDcEbTGCtJtICChrBvLkfwK0CcIF
H4NzFLaSJOJLDtC0gFW6A7kWzosjK7WJ5fwr/JWwND62usTwrCCHHRX/u6ecI6PT
RakzUl3SVhAmEstoiX/X7wZw6PF/hNqV7T9CtbsVy8DpCGamCccCrrDHb3WZpFpR
cb4pxBIeXtP5dzmK0RKRuaKQtcfx7bYuqpNB89fzPkaBoER0VLuAvY3ml336WJn6
WG9lyJI/N97bXWe/dYqo/xb1isVWHT0mYXP7a3M3wcKMeyW0ZYQ8m+jJXnhlG45h
Vqwub+UL0ymi6JuopQH6kDVMGjFoG1oU14RJMABbvLoDBPtdP03No6jxCkqVHZTL
OPV5hNbYX0fevHIKT6L0Wj42uExIb27M23c4iaDgAboewNF3vCVw9McuWTrp+5bL
HCIjYhPSN7Uu/62+KlGWI1d8MeigWyHOX9QisVrm7e/eTvGkciVvQAs2S1v7yqGc
DgBTscOR0ie7XBDy57JrLMrt540Lfc1WaarfAJVqEg+XeU9zwKhw3IYiMULi8+5t
doPOndkv/rZNQnNdoj7DSx5zBHhpGL/rDA2Ovf+5Ag0EYjw9wgEQALY1aY+G1AOe
LpB/3Ptdw2vpqEViJx47FrEoMeIQunKJ2nxQ5Zxxyy8qnbYmpD399wteN8u++kPw
uxeNhEPVjJd/hZ+aKiSdIIAQw9LabAU9zGkyTcipRU/FpfGb97PShnEKn5y8l+5J
VOifBP2pfazwoFEZ38rkhMg9qnn9yU+WffzNvLAK9QiYywMSgwkQyEoK5DOLusLr
y0b5CU7CyE/WCo1NWI6vKEMb20D/bFpYbLzTP80h5SaUY7jrl4YVx6pkDnbuv0cF
5XRROGZWFORx0jqSFI3r5m+2Bfua/pMrBSIrqy8n9nB0T0Q4c/6JJugnIk0ujgpz
ZiHFox6fo5mWA5kbrb9UkdOoCCC6gXWcwcRdLy6DnkRROFdOTB2j3wph6pzNVfJx
Er97yymS1FrwxUDVgWNQm6pIaJPnF1ttVAs7ofHPSs9jyA0jnFlEhw9Zsu+jhUBS
BQYjqb/Xma+YegZHK9lcOLpPHxI9mJnWKYbmaz7fXL4aRoYVscKDAvpByxphRoVi
+AB6P7I/dkk/cj6W6kDAbr5f3htUFRYl7I4CoC/GaDxTFU7DyiWpeqyUZ83074Di
zplgCBJ5D7A9+6ZdppfidX4jBbrg1mNihHgMfnZ1W2OQkRli+2BnA8x3HxfFZo10
Ay9Uz6LwLyc9SoziOeupddl5YBlvdVnhABEBAAGJAjwEGAEIACYWIQQIqncA3lfk
/WJD3FG45aYG1np5UgUCYjw9wgIbDAUJB4YfUwAKCRC45aYG1np5UglyD/9Xs1ZW
6vNbY4jvQkLoboOE6QMRM9rmsRxq8mHoTrcXS8nlh/4TaUSn/IX8QFNel4PKT7bo
TYfds5xONC59Nw7LJUs6VPdg8I6L3w7WE94uAweLVa3Dr5/mKJ5khK63XBhywGK4
DO4o3RHWdbgfHBo3dOT9C3TYJSc/O2IQEPINQkDYz4MnUOQvZbPU34GkOVCPK73b
m/Kw9mRADcwuLKP7hN1JH4RZfGCr5TgaYQABNa/k/wG63QND9+20nUhbUFvCQqnL
t3FPcJYkArbSigivmrbwNvlhzmAuS0m1iutVhlAtgBw3DaF8VAaf6pYQBNKk804W
XzqjH2dys8ZEALDFwW1y4J91MjM24ziHXrAY3/cnwN530QF/HLeE+lqeIXpm5Hi1
BdD26CXrRRrtfTjAHG/mZwkA7mA6GR7cpQWJ4d1gorKj3ofTOKcakIoD1yk/x4X1
nN2gI7le7dV0YuzLncGh51bnCmBSYbnoD+vZ88LbB5IjOZRYYwSOLyyCFfwVzLDG
eCPl42gf2624An19rUlCMoBom0CFblN8tlmWu7FSgD3zd3u7cAG5ktOiLtad98xB
PmdXROjwdDdvPiBiC36Wf6qhshQKJ2OEK/x0He3Vd6vXQyV8SFIAukv9bWZEbhFr
nnZ6mGB2zREpsL/HoaG4no46tHvWfhanTEGEoA==
=33Bk
-----END PGP PUBLIC KEY BLOCK-----

When you verify the Telemetry Pipeline public GPG key, the information output to your terminal should match this key fingerprint:

pub   rsa4096 2022-03-24 [SC] [expires: 2026-03-24]
      08AA 7700 DE57 E4FD 6243  DC51 B8E5 A606 D67A 7952
uid                      Calyptia Releases <enterprise-releases@calyptia.com>
sub   rsa4096 2022-03-24 [E] [expires: 2026-03-24]

SBOM and other reports

Software bill of materials (SBOMs) are generated for each release, along with Common Vulnerabilities and Exposures (CVE) reports at the time of release. To access these materials, contact Chronosphere support.

Chronosphere Telemetry Pipeline architecture

Telemetry Pipeline release notes