From 8f33c4b298eb393d626bf4e92ea49f8233073498 Mon Sep 17 00:00:00 2001
From: Nicolas Favre-Felix <n.favrefelix@gmail.com>
Date: Sat, 13 Feb 2021 03:20:08 -0800
Subject: [PATCH] Publish Docker Content Trust public key

---
 README.md     | 2 ++
 nicolasff.pub | 6 ++++++
 2 files changed, 8 insertions(+)
 create mode 100644 nicolasff.pub

diff --git a/README.md b/README.md
index 0f01a18..7f197fb 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@ Webdis images are published on [Docker Hub](https://hub.docker.com/r/nicolas/web
 $ docker pull nicolas/webdis:0.1.12
 $ docker pull nicolas/webdis:latest
 ```
+Starting from release `0.1.12`, Docker Hub images are signed ([download public key](nicolasff.pub)).
 
 **Amazon Elastic Container Registry (ECR)**
 
@@ -51,6 +52,7 @@ $ docker pull nicolas/webdis:latest
 $ docker pull public.ecr.aws/s0s0y5j7/webdis:0.1.12
 $ docker pull public.ecr.aws/s0s0y5j7/webdis:latest
 ```
+ECR images are not signed at this time, but they use the exact same hash as the Docker Hub images which _are_ signed.
 
 # Build and run a Docker image locally
 
diff --git a/nicolasff.pub b/nicolasff.pub
new file mode 100644
index 0000000..ff68c30
--- /dev/null
+++ b/nicolasff.pub
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+role: nicolasff
+
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUI/LpQETC4jOXvURenSFUUDtdCsB
+o76W6tp1jL+8XBaB18Q++1OtCi/ulbNpduH64QPlpDAWN6Ao5Mw9M2nC9w==
+-----END PUBLIC KEY-----