From bcf2168b884c58acac543ab0fdd79f721d39cc40 Mon Sep 17 00:00:00 2001 From: Nicolas Favre-Felix Date: Mon, 15 Feb 2021 10:33:44 -0800 Subject: [PATCH] Add Docker Content Trust example --- README.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7f197fb..30cc214 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ $ docker stop webdis-test 0d2ce311a483 ``` -## Docker repositories +## Docker repositories and Docker Content Trust Webdis images are published on [Docker Hub](https://hub.docker.com/r/nicolas/webdis) and [Amazon ECR](https://gallery.ecr.aws/s0s0y5j7/webdis). @@ -44,7 +44,27 @@ Webdis images are published on [Docker Hub](https://hub.docker.com/r/nicolas/web $ docker pull nicolas/webdis:0.1.12 $ docker pull nicolas/webdis:latest ``` -Starting from release `0.1.12`, Docker Hub images are signed ([download public key](nicolasff.pub)). +Starting from release `0.1.12` and including `latest`, Docker Hub images are signed ([download public key](nicolasff.pub)). You should see the following key ID if you verify the trust: + +``` +$ docker trust inspect nicolas/webdis:0.1.12 --pretty + +Signatures for nicolas/webdis:0.1.12 + +SIGNED TAG DIGEST SIGNERS +0.1.12 d88b2319e6f4aeb323e98f30780fdd4231911d24c855a0722ee8c8f84405ea30 nicolasff + +List of signers and their keys for nicolas/webdis:0.1.12 + +SIGNER KEYS +nicolasff dd0768b9d35d + +Administrative keys for nicolas/webdis:0.1.12 + + Repository Key: fed0b56b8a8fd4d156fb2f47c2e8bd3eb61948b72a787c18e2fa3ea3233bba1a + Root Key: 40be21f47831d593892370a8e3fc5bfffb16887c707bd81a6aed2088dc8f4bef +``` + **Amazon Elastic Container Registry (ECR)**