docker-archive / classicswarm

Swarm Classic: a container clustering system. Not to be confused with Docker Swarm which is at https://github.com/docker/swarmkit
Apache License 2.0

Docker Stack Deploy not utilising DOCKER_CONTENT_TRUST #2893

Closed hsoiland closed 4 years ago

hsoiland commented 6 years ago

We have been using content trust (notary) to sign our images when building and sending them to a third party repository.

We make use of docker stack deploy to pull in all the required images that need to go on a particular device, but we noticed that compose is not making use of notary to confirm that the images being pulled down have a tag record in the notary server, thus marking them as trusted content.

We need to make sure that the images stored at the third party site have not been compromised from the day we uploaded them to the time they are deployed in production. Why doesn't docker stack respect the environment variables DOCKER_CONTENT_TRUST and DOCKER_CONTENT_TRUST_SERVER when running the pull command like the docker client does?

Could this please be fixed?
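An added example, not part of the original issue or the project's code: one way to get the check asked for above is to resolve every image tag in the stack file against its signed trust data with `docker trust inspect` and deploy digest-pinned references instead of tags. The function names are hypothetical, the stack file is assumed to use plain `image:` lines, and the `docker` call inherits the caller's environment.

```python
import json
import re
import subprocess
import sys

# Matches a compose "image:" line, optionally quoted (assumed stack-file layout).
IMAGE_LINE = re.compile(r"^(\s*image:\s*)(['\"]?)([^\s'\"#]+)\2\s*$")

def trust_inspect(image):
    """Return the JSON printed by `docker trust inspect`; raises if the command fails."""
    return subprocess.run(["docker", "trust", "inspect", image],
                          check=True, capture_output=True, text=True).stdout

def signed_digest(image, inspect_json):
    """Map repo:tag to repo@sha256:<digest> using the signed tag record, or raise."""
    repo, _, tag = image.rpartition(":")
    if not repo or "/" in tag:  # no tag present (a colon may belong to a registry port)
        repo, tag = image, "latest"
    for entry in json.loads(inspect_json):
        for signed in entry.get("SignedTags", []):
            if signed.get("SignedTag") == tag:
                return f"{repo}@sha256:{signed['Digest']}"
    raise LookupError(f"no signed tag record for {image}")

def pin_compose(text, inspect=trust_inspect):
    """Rewrite every tag-based image reference to its signed digest.

    Fails closed: an image without a signed tag record aborts the rewrite,
    so an unsigned tag never reaches the deploy step.
    """
    out = []
    for line in text.splitlines():
        m = IMAGE_LINE.match(line)
        if m and "@" not in m.group(3):  # already digest-pinned lines are kept
            image = m.group(3)
            line = m.group(1) + signed_digest(image, inspect(image))
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Usage: python pin_stack.py stack.yml > stack.pinned.yml
    with open(sys.argv[1]) as fh:
        sys.stdout.write(pin_compose(fh.read()))
```

The pinned file is then the one passed to `docker stack deploy -c`; because each reference is a content digest, the nodes can only pull the exact content the trust data recorded at signing time.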