Working with Docker Content Trust
Software signing is an important aspect of security. It is imperative to verify that any software you run on your system has not been tampered with, and Docker images are no exception. Docker Content Trust (DCT) enables you to sign images and to verify them before downloading or running them on your system. In this lab, you will have the opportunity to work with DCT by signing a previously unsigned image and running it on a system that has DCT enabled.
Table of Contents
Generate a Trust Key and Add Yourself as a Signer to the New Repository
- Generate a trust key.
- Create a new passphrase for your key when prompted.
- Add yourself as a signer to the
- Create passphrases for the new root key and new repository key when prompted.
Create a New Tag for the Image, Sign It, and Push It to the Registry
- Create a new tag for the image.
- Sign the image and push it to the registry.
- Enter the passphrase you created earlier for the trust key.
- Verify that you can run the signed image.
- If you want to test the image further, you can query the tea list web service. (You should see generated JSON data that contains a list of the various kinds of tea.)
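The steps above, sketched as an added shell example (not the lab's own commands or solution). It uses the standard `docker trust` subcommands; the signer name, repository, source image and tag are placeholders, because the page does not give them. Set `DRY_RUN=1` to print the commands instead of executing them.

```shell
#!/bin/sh
# Added example: the lab's DCT workflow as one function.
# Every value below is a placeholder (assumption), not a name from the lab.
SIGNER="${SIGNER:-signer-name}"                     # hypothetical signer name
REPO="${REPO:-registry.example.com/example/image}"  # hypothetical repository
SRC_IMAGE="${SRC_IMAGE:-example/image:unsigned}"    # hypothetical unsigned local image
TAG="${TAG:-signed}"                                # hypothetical new tag

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

dct_sign_and_verify() {
    # 1. Generate a trust key. Writes $SIGNER.pub to the current directory
    #    and prompts for a passphrase protecting the private key.
    run docker trust key generate "$SIGNER" || return 1
    # 2. Add yourself as a signer. On a repository with no trust data yet,
    #    this prompts for new root key and repository key passphrases.
    run docker trust signer add --key "$SIGNER.pub" "$SIGNER" "$REPO" || return 1
    # 3. Create a new tag for the existing, unsigned image.
    run docker tag "$SRC_IMAGE" "$REPO:$TAG" || return 1
    # 4. Sign the tag and push it; prompts for the trust key passphrase.
    run docker trust sign "$REPO:$TAG" || return 1
    # 5. Show which signers have signed the tag before relying on it.
    run docker trust inspect --pretty "$REPO:$TAG" || return 1
    # 6. Run with DCT enforced: the client refuses a tag that has no valid
    #    trust data. Port publishing is omitted; the page gives no port.
    run env DOCKER_CONTENT_TRUST=1 docker run --rm -d "$REPO:$TAG"
}

# Only execute when explicitly asked, so the file can be sourced safely.
if [ "${1:-}" = "--run" ]; then
    dct_sign_and_verify
fi
```

Running step 6 against the original unsigned tag instead of the new one is a quick way to confirm that DCT enforcement is actually active on the host.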