On this page
article
Content Trust and Integrity checks
Content Trust and Integrity checks
Docker Content Trust (DCT) makes it simple and easy to verify the integrity and the publisher of images that you download and run. This is especially important when pulling images over untrusted networks such as the internet.
docker trust key generate sangam
Generating key for sangam...
Enter passphrase for new nigel key with ID 1f78609:
Repeat passphrase for new nigel key with ID 1f78609:
Successfully generated and loaded private key.... public key available: /root/sangam.pub
$ docker trust signer add --key sangam.pub sangam sangam14/dct
Adding signer "nigel" to sangam14/dct...
Initializing signed repository for sangam/dct...
Enter passphrase for root key with ID aee3314:
Enter passphrase for new repository key with ID 1a18dd1:
Repeat passphrase for new repository key with ID 1a18dd1:
Successfully initialized "sangam14/dct"
Successfully added signer: nigel to sangam14/dct
docker trust sign sangam14/dct:signed
docker trust inspect sangam14/dct:signed --pretty
Enabling DCT
$ export DOCKER_CONTENT_TRUST=1
verify the image
docker image pull sangam14/dct:unsigned
No valid trust data for unsigned
Last updated 29 Apr 2024, 11:44 +0530 .