diff --git a/pkgs/tools/security/rekor/default.nix b/pkgs/tools/security/rekor/default.nix
new file mode 100644
index 00000000000..b260d46f934
--- /dev/null
+++ b/pkgs/tools/security/rekor/default.nix
@@ -0,0 +1,51 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+let
+  generic = { pname, subPackages, description, postInstall }:
+    buildGoModule rec {
+      inherit pname;
+      version = "0.1.1";
+
+      src = fetchFromGitHub {
+        owner = "sigstore";
+        repo = "rekor";
+        rev = "v${version}";
+        sha256 = "1hvkfvc747g5r4h8vb1d8ikqxmlyxsycnlh78agmmjpxlasspmbk";
+      };
+
+      vendorSha256 = "0vdir9ia3hv27rkm6jnvhsfc3mxw36xfvwqnfd34rgzmzcfxlrbv";
+
+      inherit subPackages postInstall;
+
+      meta = with lib; {
+        inherit description;
+        homepage = "https://github.com/sigstore/rekor";
+        changelog = "https://github.com/sigstore/rekor/releases/tag/v${version}";
+        license = licenses.asl20;
+        maintainers = with maintainers; [ lesuisse ];
+      };
+    };
+in {
+  rekor-cli = generic {
+    pname = "rekor-cli";
+    subPackages = [ "cmd/cli" ];
+    # Will not be needed with the next version, the package as been renamed upstream
+    postInstall = ''
+      if [ -f "$out/bin/cli" ]; then
+        mv "$out/bin/cli" "$out/bin/rekor-client"
+      fi
+    '';
+    description = "CLI client for Sigstore, the Signature Transparency Log";
+  };
+  rekor-server = generic {
+    pname = "rekor-server";
+    subPackages = [ "cmd/server" ];
+    # Will not be needed with the next version, the package as been renamed upstream
+    postInstall = ''
+      if [ -f "$out/bin/server" ]; then
+        mv "$out/bin/server" "$out/bin/rekor-server"
+      fi
+    '';
+    description = "Sigstore server, the Signature Transparency Log";
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 7ac76781243..c21d9efd7dd 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7706,6 +7706,10 @@ in
 
   retext = libsForQt5.callPackage ../applications/editors/retext { };
 
+  inherit (callPackage ../tools/security/rekor { })
+    rekor-cli
+    rekor-server;
+
   richgo = callPackage ../development/tools/richgo {  };
 
   rs = callPackage ../tools/text/rs { };