docs: refactor - take 2

docs/key-management.md

@@ -0,0 +1,42 @@
+# Key Generation
+
+You can generate keys using:
+
+1. [Official Binary](https://docs.sigstore.dev/system_config/installation/)
+
+    - Save keys in local files
+
+        ```sh
+        COSIGN_PASSWORD=<your_private_key_password> cosign generate-key-pair
+        ```
+
+        Output files:
+
+        - `cosign.pub`: public key.
+        - `cosign.key`: private key.
+
+    - Save keys in GitHub Action Secrets
+
+        ```bash
+        GITHUB_TOKEN=xxx cosign generate-key-pair github://dodopizza/app
+        ```
+
+        Output GitHub Action Secrets for keys:
+
+        - `COSIGN_PASSWORD`: password for the private key.
+        - `COSIGN_PUBLIC_KEY`: public key.
+        - `COSIGN_PRIVATE_KEY`: private key.
+
+        **Note:** You can't export the public key with `cosign` from GitHub Action Secrets.
+
+2. [Docker Image by VMware](https://hub.docker.com/r/bitnami/cosign/)
+
+    ```sh
+    docker run --rm -it \
+    -e COSIGN_PASSWORD=<your_private_key_password> \
+    -v "$(pwd):/keys" \
+    -w /keys \
+    bitnami/cosign:latest \
+    generate-key-pair
+    ```
+For more documentation and sample policies, refer to: [docs.sigstore.dev/key_management](https://docs.sigstore.dev/key_management/)

docs/policy-controller.md

@@ -0,0 +1,30 @@
+
+# Configure Policy controller in kubernetes cluster
+
+Install helm chart from official repository:
+
+1. Add the Sigstore Helm repository:
+
+    ```sh
+    helm repo add sigstore https://sigstore.github.io/helm-charts
+    ```
+
+2. Update your local Helm chart repository cache:
+
+    ```sh
+    helm repo update
+    ```
+
+3. Install the `policy-controller` chart from the Sigstore repository:
+
+    ```sh
+    helm install policy-controller sigstore/policy-controller
+    ```
+
+    Using a `values.yaml` file:
+
+    ```sh
+    helm install policy-controller sigstore/policy-controller -f values.yaml
+    ```
+
+Helm chart documentation: [artifacthub.io/packages/helm/sigstore/policy-controller](https://artifacthub.io/packages/helm/sigstore/policy-controller)

docs/policy.md

@@ -0,0 +1,30 @@
+# Create Policies
+
+Sample policy:
+
+```yaml
+apiVersion: policy.sigstore.dev/v1alpha1
+kind: ClusterImagePolicy
+metadata:
+  name: custom-key-attestation-sbom-spdxjson
+spec:
+  images:
+  - glob: "**"
+  authorities:
+  - name: custom-key
+    key:
+      data: |
+        -----BEGIN PUBLIC KEY-----
+        MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOc6HkISHzVdUbtUsdjYtPuyPYBeg
+        4FCemyVurIM4KEORQk4OAu8ZNwxvGSoY3eAabYaFIPPQ8ROAjrbdPwNdJw==
+        -----END PUBLIC KEY-----
+    attestations:
+    - name: must-have-spdxjson
+      predicateType: https://spdx.dev/Document
+      policy:
+        type: cue
+        data: |
+          predicateType: "https://spdx.dev/Document"
+```
+
+For more documentation and sample policies, refer to: [docs.sigstore.dev/policy-controller/sample-policies](https://docs.sigstore.dev/policy-controller/sample-policies/)