roman-vynar
commented
7 years ago It would be great if the image for a security tool in particular is signed.
Closed rhuddleston closed 3 weeks ago
roman-vynar
commented
7 years ago It would be great if the image for a security tool in particular is signed.
mikesplain
commented
6 years ago That's a great suggestion, that said we use auto builds on docker hub. As far as I know they don't support signing? If @rhuddleston or @roman-vynar has suggestions, I'm open to it.
roman-vynar
commented
6 years ago Yea, it's not supported with auto-builds but as long as the releases are not often, it may be ok pushing by some other mean of automation. From my side, I can provide the brief instructions how to achieve image signing using Docker Hub Notary. You would need to keep a copy of the keys and passphrases to use when pushing a new image.
$ export DOCKER_CONTENT_TRUST=1 $ docker pull mikesplain/openvas:9 Error: remote trust data does not exist for docker.io/mikesplain/openvas: notary.docker.io does not have trust data for docker.io/mikesplain/openvas
Any chance you could sign your images with notary for dockerhub?