Sign Artifact

Add an Artifact Signing (SscaArtifactSigning) step to an existing Harness pipeline. The step retrieves an artifact from a registry or local workspace, signs it with Cosign, and optionally pushes the .sig signature file back to the registry.

This skill only works with existing pipelines — do not create standalone signing-only pipelines.

Prerequisites: Container images must be built and pushed (or available in registry) before signing. Key-based signing requires Cosign key pair file secrets (/create-secret). Harness docs note that Deploy-stage signing is not yet supported — prefer CI or Security stages.

Guide the user through a step-by-step interactive wizard (same UX as /verify-sign):

• Wizard: references/interactive-wizard-flow.md
• UI ↔ YAML: references/artifact-signing-step.md
• CD note: references/cd-containerized-step-group.md