diff --git a/clusters/j7s-cluster/secrets/container-cosign.pub b/clusters/j7s-cluster/secrets/container-cosign.pub
new file mode 100644
index 0000000..25240d2
--- /dev/null
+++ b/clusters/j7s-cluster/secrets/container-cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8YhtjWEWky7GKwgarbuVTRqG2gXr
+4lFe4ezy5aPG7IBnnGTJIB6FLkD/51vYx8891Rc5lSb7U5ImJihqibGEOw==
+-----END PUBLIC KEY-----
diff --git a/clusters/j7s-cluster/secrets/kustomization.yaml b/clusters/j7s-cluster/secrets/kustomization.yaml
index 1dcbfe5..fe6f9b2 100644
--- a/clusters/j7s-cluster/secrets/kustomization.yaml
+++ b/clusters/j7s-cluster/secrets/kustomization.yaml
@@ -5,3 +5,4 @@ resources:
 - sealed-gitea-token.yaml
 - sealed-harbor-login.yaml
 - sealed-deploy-credentials.yaml
+- sealed-container-signing-secret.yaml
diff --git a/clusters/j7s-cluster/secrets/sealed-container-signing-secret.yaml b/clusters/j7s-cluster/secrets/sealed-container-signing-secret.yaml
new file mode 100644
index 0000000..1c581cf
--- /dev/null
+++ b/clusters/j7s-cluster/secrets/sealed-container-signing-secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: container-signing-secret
+  namespace: j7s-ci
+spec:
+  encryptedData:
+    cosign.key: AgBA7LQzab/cC6DHMNd1DdIRuMXtMBmbKgXLWswnePj/C+myjvSziVBxnuZjIOwgMNcyFFbmWEhCDcdiYlTYA4ckR9aEra2nKBH+W2s/wADFPtLMMXyvNwovJGnCXav9IEIVwcjxB7fV5NLbs14bYffNdfrbofgB0B8cxBtqMDjsN/zUboVOT/tU3DyfEx2wC6SiI3u7X7OQThWUgLeHXB4AslgDT5wsx1UEq6QdMz5GiU8Ov6oqMmjwwX4iwgSyN80C8CzYnROP9sKBhgic8hW/Y8KVWZBhxIEfEUe1xG7aQ2p5BP0FA15yySXx7Y3GA/c1zFdtmOCrka3YYGyywbTRm0vNTambJVOLmkg53VyiEEPbi52q9yAX+PjIHn6uZImbMCTZgrEcn/H6POqGzAE3KHbUwfQH1Gk/SAIZ2SDasBureb55auur9sxA7O8I/70uyTwYYe8SynavQ9N4ZsJGFchbEsm0S2BFCD12qMbpfXAGaS+HkJk3u+oZ/WLR3nD5+zaY5XnxKTmtWIaPy6p3bc+UhZm55SrFwqn9HAJ7tAXgKx7r45S0dLvqtIl3mmIKfbYZ8ECYgCcRXpxX/3vgLPbFeJM49txSpiNklGfsk2WF2/q7bCtfeOai0s9TMZudf8j3nilp3FjwU/yNuyAhBx1yxEu5dK/8ZJ/k8ilkDTyujf5KQLZwdLIlksQOeosihg+pk2m0tG/GhbaecOAT9TjQWxO2K00BE8pDmZBs48s83qW5K3HGSxUvNsahdmb5/5Sk5tx3JC+Ubfy9OBacq1qqDLzD7xOU714c67uamXFo/6fnLyZuUZD3EG6jztSC2jIRuxOIg1pQd97Ewfn8yl9X9t9covoErtA+iYsMoj0NBm8zmEq3Q7viiHAy59YM380ip1AvsYIEbx5Kpuis31OdHyB8aoDhI+OSReR3WvpOPOEGXSPgqRv/InwbId/MfuZEQu429RQIVeqUV1/Dd9uwmmi3ouRvfWBaHhWWWrmN+A4pgmGADgLiRs4/M+atxNUJkJYryJWZ280afdl1M7Koht1XyROyjfMWaNrvbtODAP8foRg42xgfYVUmo2fdbBwBNtR+HXEBsT63ilZvE1QWFJoBIyCU1Lbh4nZp71Kam6ylA6QkY86G+KBUIUD5iFYVluNs2tDn0vDvmdA5OUsHrIiOxMlE2BoyOPg0HtniKVEvLp0IEZyxx88N94kMxrJ891mWsYLL6/al4YKbJjHS+5Xp1EO2hht8CHN4P9z1OIKi45BVqfmTetq0wuU0X0fRzG83raEecwH4EdYahvm0MyCCBy8yen1tIFYiIDYCNQPMpOItYW6QahEQJtbKLkgWEOH5xVCigPQwUIDFxTcYI/6UU5Fs0wpWZ5iHYdUIkDM1IPsSPmlEE3U/ltWZmBRHVXs9jX7j0y2GOykB67ZI3cRqZo/eqzDdeMjSrFyM/v6yZTitOz10077p9wESnwuMmKt0sDtT/j53OQ1ueR5xqSPnFEcyRYdfcf6bvwUrqCsBha6aQ6IyKCZZzvS9fwQm0OFy+Mt8Ob96uE4SC0EuTPwXhDaD
+    cosign.password: AgCeaJHR0p/+kqm+8nmzEHHDsgJokCsnBcUWLSQ9oe+SWG+B8R6GW3w0u14jOEG99Ia3qcRDeB2y5cW6BMtxyg6A9QMF+Xwpg/+4Njbdb0xGSBlg6pdFXHYjO2DtYvhlotHBtoNKpjLDBkHkLNjWrxBC+SnlUVFSw2NmoBYxJkMJyOXn0oy56NFfLBlysLMY9pjsCWIno1qiZQb9sqJ6GF+zP0CZ9kYa2L/+oYNmZfH7iAnxH6zTv2u1Hq5Xe4JPhGFD+1QgYEWwwzYnd/4ReuATqw8rh5pVUIetMqQJv6qdSz2vIfsotPqlLkOVOwRgtox2OWV3pyaEWvbfya+QF8Jre1ZRAaHpnRwJTnSuA1CYQb55DGpyBneBMst/ukeFuTUAc6s72JO6jo4xXravWg5aVrHpZf4fg0QdGW1O8gwh5LdywhTnMgRhTIdbX+yFH1+E5SKb5O+AypkTF6284e6C2ine+vgf6Yf/MMv0WBBwyAKSjp538kv6HZho/CvVDs58vaDRdShObZ2r2YqlmYfAUrUTE7vgm/aTXWwHS+sVru/q+LTGkJ3KYcof/XtjWBlDe75VPg/b9GTHot7HKYAAbc/2CVuOR8o1fMKe/XByzKSIVRqaXxeAvCsGPDWgRXxd+tV3ncAvXwS/tVnAEP017Z5QPqaL8sMHLXZfpIcW+y5YvJbuPZ7/nNf+gG7BQUyhWxew
+  template:
+    metadata:
+      creationTimestamp: null
+      name: container-signing-secret
+      namespace: j7s-ci
+    type: Opaque
+