We are very excited to announce the alpha release of Rekor v2!
Rekor v2 is a redesigned and modernized Rekor, Sigstore’s signature transparency log, transitioning its backend to a modern, tile-backed transparency log implementation to simplify maintenance and lower operational costs.
Major changes include:
- A new storage backend, replacing Trillian with Trillian-Tessera. Tile-based logs are cheaper to run and easier to deploy, maintain and scale. To learn more about the benefits of tile-based logs, read this blog post
- A redesigned and simplified API, using the learnings from operating public-good Rekor over the past 2 years
- Stronger security guarantees that the log remains append-only by integrating witnessing directly into Rekor (To be implemented)
For the initial release, we are providing a binary and container for developers. Note that the API and libraries are likely to change, and we don’t recommend deploying this in a production environment at this time. If you have any feedback or find bugs, please file an issue.
To learn more about the goals and design of the project and to download the latest release, go to sigstore/rekor-tiles, the temporary repository for this project. You can also follow along with development on our project tracker.
In the upcoming beta launch, we plan to have client compatibility with the new API along with an instance of Rekor v2 in our staging environment. Look forward to a GA production launch later this year!
If you have any questions, please reach out on Slack on the #rekor channel.