Add Docker Content Trust example

4 years ago · bcf2168b88
parent 8f33c4b298
commit bcf2168b88
1 changed files with 22 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -34,7 +34,7 @@ $ docker stop webdis-test
 0d2ce311a483
 ```

-## Docker repositories
+## Docker repositories and Docker Content Trust

 Webdis images are published on [Docker Hub](https://hub.docker.com/r/nicolas/webdis) and [Amazon ECR](https://gallery.ecr.aws/s0s0y5j7/webdis).

@ -44,7 +44,27 @@ Webdis images are published on [Docker Hub](https://hub.docker.com/r/nicolas/web
 $ docker pull nicolas/webdis:0.1.12
 $ docker pull nicolas/webdis:latest
 ```
-Starting from release `0.1.12`, Docker Hub images are signed ([download public key](nicolasff.pub)).
+Starting from release `0.1.12` and including `latest`, Docker Hub images are signed ([download public key](nicolasff.pub)). You should see the following key ID if you verify the trust:
+
+```
+$ docker trust inspect nicolas/webdis:0.1.12 --pretty
+
+Signatures for nicolas/webdis:0.1.12
+
+SIGNED TAG   DIGEST                                                             SIGNERS
+0.1.12       d88b2319e6f4aeb323e98f30780fdd4231911d24c855a0722ee8c8f84405ea30   nicolasff
+
+List of signers and their keys for nicolas/webdis:0.1.12
+
+SIGNER      KEYS
+nicolasff   dd0768b9d35d
+
+Administrative keys for nicolas/webdis:0.1.12
+
+  Repository Key:	fed0b56b8a8fd4d156fb2f47c2e8bd3eb61948b72a787c18e2fa3ea3233bba1a
+  Root Key:	40be21f47831d593892370a8e3fc5bfffb16887c707bd81a6aed2088dc8f4bef
+```
+

 **Amazon Elastic Container Registry (ECR)**