Is there signed version of this image?

[QianYC]

Hi team,

I'm Microsoft internal user, I'm using this image to support our timer triggered azure functions hosted in AKS. We enforce image integrity on the cluster via ratify, which refused to deploy this azurite image because it lacks valid signature. I wonder if you could offer a ESRP signed version of this image?

Thanks!

[blueww]

@QianYC

Would you please indicate where do you get Azurite? npm/Docker/ VS(exe) or docker?

[QianYC]

@blueww I get azurite from MCR: mcr.microsoft.com/azure-storage/azurite:latest

[EmmaZhu]

Hi @QianYC , See your requirement here. I'll need to take a look into docker image signing process. Will get back to you with any update.

[QianYC]

Hi @EmmaZhu, I wonder if there is any update? Thanks!

[EmmaZhu]

Hi @QianYC ,

I still cannot figure out the way to sign docker image with ESRP. I see a work item for ESRP team to support signing docker images but still not resolved.

I have taken a look into ratify, seems it supports to sign docker image with a private key which ESRP won't share to individuals.

Now I'm stuck here. If you are aware of a way to sign docker image, can you share with us? Really appreciate any help.

Thanks Emma

[QianYC]

@EmmaZhu yes I did find some docs regarding how to use ESRP to sign container images. I'm not sure if it's ok to share the link here, could you tell me your alias so that I can ping you in person? Thanks!

[EmmaZhu]

My alias is emmazhu.