docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #622 from docker/snapshot-docs 

Include note about docker1.11 default snapshot key behavior
This commit is contained in:
David Lawrence 2016-03-14 17:39:54 -07:00
parent cd0b43a6b8 b5b3d7c7c8
commit 751f6b5a26
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/advanced_usage.md
View File

@ -95,6 +95,9 @@ notary server will then sign snapshots. This is particularly useful when using
delegations with a trusted collection, so that delegates will never need access to the delegations with a trusted collection, so that delegates will never need access to the
snapshot key to push their updates to the collection. snapshot key to push their updates to the collection.
Note that new collections created by a Docker 1.11 Engine client will have the server manage the snapshot key by default.
To reclaim control of the snapshot key on the client, use the `notary key rotate` command without the `-r` flag.
### Use a Yubikey ### Use a Yubikey
Notary can be used with [Yubikey Notary can be used with [Yubikey
@ -120,6 +123,7 @@ targets key or allow a collaborator write access to all targets of the
collection. collection.
Before adding any delegations, you should rotate the snapshot key to the server. Before adding any delegations, you should rotate the snapshot key to the server.
Note that this is done by default for new collections created with a Docker Engine 1.11 client.
This is such that delegation roles will not require the snapshot key to publish This is such that delegation roles will not require the snapshot key to publish
their own targets to the collection, since the server can publish the valid their own targets to the collection, since the server can publish the valid
snapshot with the delegation targets: snapshot with the delegation targets: