verify-blob not working with HashiCorp Vault

[simonostendorf]

Description

I cant use cosign verify-blob with --key hashivault://.

I am signing my test blob using:

$ cosign sign-blob --yes --tlog-upload=false --key hashivault://test main.tf --output-signature main.tf.sig
Using payload from: main.tf
Wrote signature to file main.tf.sig

When I try to verify the blob using the follwing command, I get an error:

$ cosign verify-blob --private-infrastructure=true --key hashivault://test --signature="$(cat main.tf.sig)" main.tf
Error: failed vault verification
error during command execution: failed vault verification

When I export the public key and write it to the file key.pub, I can verify the signature:

$ cosign verify-blob --private-infrastructure=true --key key.pub --signature="$(cat main.tf.sig)" main.tf
Verified OK

Version
Currently using 2.6.1 because of the new bundle format.