In particular, when communicating over an untrusted medium such as the internet, it is critical to ensure the integrity and the publisher of all the data a system operates on.
Docker Content Trust(DCT) provides strong cryptographic guarantees over what code and what versions of software are being run in your infrastructure.
When a publisher using Docker Content Trust pushes an image to a remote registry, Docker Engine signs the image locally with the publisher’s private key.
When the user later pulls this image, Docker Engine uses the publisher’s public key to verify that the image is exactly what the publisher created, has not been tampered with, and is up to date.
There are 4 major steps to setup DCT.
1)Generate Docker Content Trust Key
2)Add the Signer to the Docker Repository
3)Sign the Image
4)Enable Content Trust at the Docker host
By following above 4 steps we can set DCT.
Thank you for sharing Srini! :)
ReplyDeleteThanks Amol
Delete