Software signing is an important aspect of security. It is imperative to verify any software you run on your system has not been tampered with, and Docker images are no exception. Docker Content Trust enables you to sign and verify images before downloading or running them on your system. In this lab, you will have the opportunity to work with Docker Content Trust (DCT) by signing a previously unsigned image and running it on a system that has DCT enabled.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Generate a Trust Key and Add Yourself as a Signer to the New Repository
  - Generate a trust key.
  - Create a new passphrase for your key when prompted.
  - Add yourself as a signer to the `ip-10-0-1-102:443/content-dca-tea` repository.
  - Create passphrases for the new root key and new repository key when prompted.
- Create a New Tag for the Image, Sign It, and Push It to the Registry
  - Create a new tag for the image.
  - Sign the image and push it to the registry.
  - Enter the passphrase you created earlier for the trust key.
  - Verify that you can run the signed image.
  - If you want to test the image further, you can query the tea list web service. (You should see generated JSON data that contains a list of the various kinds of tea.)
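
The objectives above map onto the `docker trust` subcommands as follows. This is an added example, not part of the lab text: the repository name comes from the lab, while the signer name, source image and tag are placeholders, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: the lab's Docker Content Trust workflow as one script.
# REPO is the repository named in the lab. SIGNER, SRC_IMAGE and TAG are
# placeholders (assumptions); substitute the values used in your environment.
REPO="ip-10-0-1-102:443/content-dca-tea"
SIGNER="${SIGNER:-signer-name}"            # placeholder signer/key name
SRC_IMAGE="${SRC_IMAGE:-$REPO:unsigned}"   # placeholder: the existing unsigned image
TAG="${TAG:-signed}"                       # placeholder tag for the signed image
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print only, 0 = execute

# Print each command; execute it only when DRY_RUN=0.
run() {
    echo "+ $*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

dct_sign_and_verify() {
    # 1. Generate the trust key. Docker prompts for a new passphrase, stores
    #    the private key in its trust directory and writes $SIGNER.pub to
    #    the current directory.
    run docker trust key generate "$SIGNER" &&
    # 2. Add yourself as a signer. On a new repository Docker prompts for
    #    passphrases for the new root key and the new repository key.
    run docker trust signer add --key "$SIGNER.pub" "$SIGNER" "$REPO" &&
    # 3. Create a new tag for the image.
    run docker tag "$SRC_IMAGE" "$REPO:$TAG" &&
    # 4. Sign the tag and push it. Docker prompts for the trust key
    #    passphrase created in step 1.
    run docker trust sign "$REPO:$TAG" &&
    # 5. Confirm the tag now lists a signature and the expected signer.
    run docker trust inspect --pretty "$REPO:$TAG" &&
    # 6. Run with DCT enforced: the client refuses images without valid
    #    trust data, so a successful start shows the signature verified.
    run env DOCKER_CONTENT_TRUST=1 docker run -d "$REPO:$TAG"
}

dct_sign_and_verify
```

With `DOCKER_CONTENT_TRUST=1` set, running the original unsigned tag should fail, which is a quick negative check that enforcement is active.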