LeastAuthority / key-vault


[Suggestion] Validate KV image upon download from docker hub #3

Open jehadbaeth opened 3 years ago

jehadbaeth commented 3 years ago

This can be done on two different levels:

  1. Upon fetching the KV image from Docker Hub, by verifying the signer: `docker trust inspect --pretty $IMAGE_NAME:$IMAGE_TAG`

  2. Using tools to compare MD5 or hashes of files in the KV file system to ensure no tampering occurred before starting the initialization process of the vault, i.e. https://github.com/jessek/hashdeep
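A sketch of the second suggestion above (auditing a file tree against a known-good hash manifest before initialization), added here as an example and not part of the issue thread or the key-vault project. It uses SHA-256 rather than MD5, and the file names in the demo tree are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def file_sha256(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each path (relative to root) to a SHA-256 digest or symlink target."""
    manifest = {}
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                manifest[rel] = "symlink:" + os.readlink(full)
            elif os.path.isfile(full):  # skips plain directories and special files
                manifest[rel] = file_sha256(full)
    return manifest

def audit(root, known_good):
    """Report paths that differ from the known-good manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in known_good if p in current and current[p] != known_good[p]),
        "missing": sorted(p for p in known_good if p not in current),
        "unexpected": sorted(p for p in current if p not in known_good),
    }

def demo():
    """Constructed sample tree: record a manifest, tamper with the tree, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in {"app/server.bin": b"v1", "conf/settings.json": b"{}"}.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        known_good = build_manifest(root)
        clean = audit(root, known_good)  # nothing changed yet
        (root / "app/server.bin").write_bytes(b"v1-tampered")
        (root / "conf/settings.json").unlink()
        (root / "app/extra.sh").write_bytes(b"#!/bin/sh\n")
        return clean, audit(root, known_good)
```

The audit is only as trustworthy as the manifest, so the known-good manifest has to be stored or signed outside the image being checked.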

crwood commented 3 years ago

This may be out-of-scope, but another suggestion relating to this trust-anchoring problem might be to take additional measures to ensure that the Docker image itself can be built reproducibly (such that any party/user can build the image locally and verify that its hash is identical to that of the one hosted on Docker Hub). There are multiple tools/approaches to achieve this (but I haven't yet attempted this myself and cannot make any concrete recommendations as to how to best proceed).