Confidential computing is a breakthrough security technology. With it data can be kept encrypted during processing. Tools in the confidential computing space utilize these new concepts to provide fully-encrypted, high security environments, but as everyone in security knows: you are only as strong as your weakest link. Supply Chain Security is one of our industries weakest links. This talk will provide a deep drive of how Sigstore can help confidential (and other high security) products maintain a high level of security, keep their trusted compute base minimal, all the while preserving a high engineering velocity. To that end we will sketch out an architecture to build and sign in the cloud without malicious actors being able to steal signing keys or tamper with build processes. We will also show a live working demo of how such a system could be realized.