Rekor v2, aka rekor-tiles or Rekor on Tiles, is a redesigned and modernized Rekor, Sigstore's signature transparency log, transitioning its backend to a modern, tile-backed transparency log implementation to simplify maintenance and lower operational costs.
More information (documents are shared with sigstore-dev, join the group to get access):
The Sigstore community hosts a productionized instance of Rekor v2 with a 99.5% availability SLO. See the status page for uptime metrics.
Use the public-good instance's TUF repository to determine the URL of the active instance. Note that the community instance's URL will change approximately every 6 months when we "shard" the log, creating a new log instance to keep the size of the log maintainable. Sigstore clients will pull the latest log shard URL from the TUF-distributed SigningConfig, and will fetch both active and inactive shard public keys from the TrustedRoot.
As of October 2025, we have not yet distributed the current Rekor v2 URL in the SigningConfig, to give users adequate time to update their clients to support verifying entries from Rekor v2. We are planning to distribute the latest Rekor v2 URL by end of 2025/early 2026.
If you want to start using Rekor v2, construct a signing config, using the
TUF-distributed signing config
as a base, and adding the following instance as the first entry in the rekorTlogUrls list:
{
"url": "https://log2025-1.rekor.sigstore.dev",
"majorApiVersion": 2,
"validFor": {
"start": "2025-10-06T00:00:00Z"
},
"operator": "sigstore.dev"
},
Note: We will eventually turn down the 2025 Rekor v2 instance when we deploy a 2026 instance. We strongly advise against hardcoding this URL into any pipelines that cannot be easily updated.
We provide prebuilt binaries and containers for private deployments.
- Download the latest binary from Releases
- Pull the latest container from GHCR
- Install Rekor v2 via Helm
If you find any issues, follow Sigstore's security policy to report them.
Run docker compose up --build --wait to start the service along with emulated Google Cloud Storage and Spanner instances.
Run docker compose down to turn down the service, or docker compose down --volumes to turn down the service and delete
persisted tiles.
Follow the client documentation for constructing a request and parsing a response.
Run unit tests with go test ./....
Follow the end-to-end test documentation for how to run integration tests against a local instance.