mirror of https://github.com/docker/docs.git
Clarify where signing and verification happen (#5149)
This commit is contained in:
Misty Stanley-Jones
GitHub
parent
4bbaa46993
commit
60286e718b
|
|
@ -11,7 +11,7 @@ operates on. You use Docker Engine to push and pull images (data) to a public or
|
||||||
gives you the ability to verify both the integrity and the publisher of all the
|
gives you the ability to verify both the integrity and the publisher of all the
|
||||||
data received from a registry over any channel.
|
data received from a registry over any channel.
|
||||||
|
|
||||||
## Understand trust in Docker
|
## About trust in Docker
|
||||||
|
|
||||||
Content trust allows operations with a remote Docker registry to enforce
|
Content trust allows operations with a remote Docker registry to enforce
|
||||||
client-side signing and verification of image tags. Content trust provides the
|
client-side signing and verification of image tags. Content trust provides the
|
||||||
|
|
@ -30,6 +30,11 @@ ensure that the images they use are signed. Publishers and consumers can be
|
||||||
individuals alone or in organizations. Docker's content trust supports users and
|
individuals alone or in organizations. Docker's content trust supports users and
|
||||||
automated processes such as builds.
|
automated processes such as builds.
|
||||||
|
|
||||||
|
When you enable content trust, signing occurs on the client after push and
|
||||||
|
verification happens on the client after pull if you use Docker CE. If you use
|
||||||
|
Docker EE with UCP, and you have configured UCP to require images to be signed
|
||||||
|
before deploying, signing is verified by UCP.
|
||||||
|
|
||||||
### Image tags and content trust
|
### Image tags and content trust
|
||||||
|
|
||||||
An individual image record has the following identifier:
|
An individual image record has the following identifier:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue