Signing and Verifying Images with Docker Content Trust
Explore how to configure Docker Content Trust to sign and verify images, ensuring integrity and publisher authenticity. Learn to create cryptographic keys, associate them with repositories, and enforce trust policies for secure Docker image management.
Ensuring image integrity with DCT
Docker Content Trust (DCT) makes it simple for you to verify the integrity and publisher of images and is especially important when you’re pulling images over untrusted networks such as the internet. At a high level, DCT lets you sign your images when you push them to registries like Docker Hub. It also lets you verify the images you pull and run as containers.
You can also use DCT to provide context, such as whether or not a developer has signed an image for use in a particular environment, such as prod or dev, or whether an image has been superseded by a newer version and ...