sigstore · ltagliaferri · Nov 22, 2023 · Nov 21, 2023 · Nov 21, 2023 · Nov 22, 2023
diff --git a/content/en/signing/signing_with_blobs.md b/content/en/signing/signing_with_blobs.md
@@ -12,9 +12,9 @@
 Cosign supports identity-based signing, associating an ephemeral signing key with an identity from an OpenID Connect provider. We refer to this process as "keyless signing". You use `cosign sign-blob` to sign standard files as well as blobs. You can store signature and certificate information either as separate file, or in a bundled text file, but using a bundle is the recommended way of signing a blob, as users can specify just the bundle name instead of separate files for the signature and certificate.  Use the `cosign` command to sign:

 ```shell
 $ cosign sign-blob <file> --bundle cosign.bundle
 ```
 The bundle is output as a `base64` encoded string that contains the certificate and signature. In addition, signatures are output as `base64` encoded strings to stdout by default. 

 When using `cosign sign-blob` in keyless mode, you need to store the bundle for verification. If you don't want to use the bundle, you can direct the output of the certificate by using the `--output-certificate` and `--output-signature` flags. The result from using the output flags:

@@ -50,7 +50,7 @@
 Certificate wrote in the file cert.pem
 ```


 ## Signing with a key

 While keyless signing is recommended, you may specify your own keys for signing.  You will need the password for the private key to sign:
@@ -81,7 +81,7 @@
 Your users can download it from the "direct" URL with standard tools like curl or wget:

 ```shell
 $ curl -L gcr.io/v2/user/demo/artifact/blobs/sha256:97f16c28f6478f3c02d7fff4c7f3c2a30041b72eb6852ca85b919fd85534ed4b > artifact
 ```

 The digest is included in the URL, so users can check that as well:
@@ -94,5 +94,12 @@
 You can sign it with the normal `cosign sign` command and flags:

 ```shell
 $ cosign sign gcr.io/user/demo/artifact
 ```
+## Non-Interactive Signing with the Yes Flag
+
+In situations where automated signing is required, such as within CI/CD pipelines, the `--yes` flag becomes essential. This flag, when used with signing commands, bypasses any confirmation prompts, enabling a smooth, uninterrupted signing process. This is particularly crucial in automated environments where manual input isn't feasible. The `--yes` flag ensures that your signing operations can proceed without manual intervention, maintaining the efficiency and speed of your automated workflows.
+
+```
+cosign sign-blob --yes -key cosign.key myregistry/myimage:latest
+```