Updated Notary Git URL, Added a Docker Client Config Section, Expanded Trust initiated documentation

This commit is contained in:
ollypom 2019-02-05 11:27:17 +00:00
parent 336dcd66f2
commit 7b41a19159
No known key found for this signature in database
GPG Key ID: 2E6D9F4EBCB6B160
3 changed files with 40 additions and 14 deletions

View File

@ -121,7 +121,7 @@ First we will add the delegation private key to the local Docker trust
repository. (By default this is stored in `~/.docker/trust/`). If you are
generating delegation keys with `$ docker trust key generate`, the private key
is automatically added to the local trust store. If you are importing a separate
key, such as one from the UCP you will need to use the
key, such as one from a UCP Client Bundle you will need to use the
`$ docker trust key load` command.
```
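Review bot: the rewritten sentence on the added line needs a comma after "UCP Client Bundle" ("such as one from a UCP Client Bundle, you will need to use the `$ docker trust key load` command"), and since this is the first place the file names UCP, spell out Universal Control Plane (UCP) here so readers coming from the Notary side know what a client bundle is.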
@ -156,7 +156,6 @@ Adding signer "jeff" to dtr.example.com/admin/demo...
Enter passphrase for new repository key with ID 10b5e94:
```
Finally, we will use the delegation private key to sign a particular tag and
push it up to the registry.
@ -216,7 +215,6 @@ Enter passphrase for signer key with ID 8ae710e:
Successfully deleted signature for dtr.example.com/admin/demo:1
```
## Runtime Enforcement with Docker Content Trust
> Note this only applies to Docker Enterprise Engine 18.09 or newer. This

View File

@ -8,14 +8,14 @@ The easiest way to deploy Notary Server is by using Docker Compose. To follow th
1. Clone the Notary repository.
git clone git@github.com:docker/notary.git
git clone https://github.com/theupdateframework/notary.git
2. Build and start Notary Server with the sample certificates.
docker-compose up -d
For more detailed documentation about how to deploy Notary Server, see the [instructions to run a Notary service](/notary/running_a_service.md) as well as [the Notary repository](https://github.com/docker/notary) for more information.
For more detailed documentation about how to deploy Notary Server, see the [instructions to run a Notary service](/notary/running_a_service.md) as well as [the Notary repository](https://github.com/theupdateframework/notary) for more information.
3. Make sure that your Docker or Notary client trusts Notary Server's certificate before you try to interact with the Notary server.
See the instructions for [Docker](../../reference/commandline/cli.md#notary) or
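Review bot: step 2 runs `docker-compose up -d` directly after the clone in step 1 but never changes into the cloned directory; add `cd notary` between them or the compose file will not be found. Switching the clone URL from `git@github.com:docker/notary.git` to `https://github.com/theupdateframework/notary.git` is the right call (no GitHub SSH key required and the repository now lives under the TUF organisation), but since step 2 starts the server "with the sample certificates", say explicitly that those certificates are for the walkthrough only and that step 3 (trusting the server certificate) must be redone with a real certificate before any client pushes trust data to it.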
@ -25,4 +25,4 @@ for [Notary](https://github.com/docker/notary#using-notary) depending on which o
Check back here for instructions after Notary Server has an official
stable release. To get a head start on deploying Notary in production, see
[the Notary repository](https://github.com/docker/notary).
[the Notary repository](https://github.com/theupdateframework/notary).
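Review bot: the context line shown in this hunk's header still links to `https://github.com/docker/notary#using-notary`; update it to the `theupdateframework/notary` URL as well so the page does not mix the old and new locations (GitHub redirects today, but the anchor text should match the repository it points at).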

View File

@ -18,10 +18,37 @@ initialise a repository, manage the repository keys, and when a collaborator
gets added with `docker trust signer add` we will add their key to the
`targets/releases` delegation automatically.
## Configuring the Notary CLI
## Configuring the Docker Client
Some of the more advanced features of DCT require the Notary
CLI. To install and configure the Notary CLI:
By default the `$ docker trust` commands are expecting the Notary server URL
to be the same as the Docker Registry URL specified in the image tag. When
using the Docker Hub or Docker Trusted Registry this is the case as a internal
proxy redirects the request, however for self hosted environments or 3rd party
registries you will need to specify an alternative URL for the notary server.
This is done with:
```
export DOCKER_CONTENT_TRUST_SERVER=https://<URL>:<PORT>
```
If you do not export this variable in self hosted environments you may see
errors such as:
```
$ docker trust signer add --key cert.pem jeff dtr.example.com/admin/demo
Adding signer "jeff" to dtr.example.com/admin/demo...
[...]
Error: trust data missing for remote repository dtr.example.com/admin/demo or remote repository not found: timestamp key trust data unavailable. Has a notary repository been initialized?
$ docker trust inspect dtr.example.com/admin/demo --pretty
WARN[0000] Error while downloading remote metadata, using cached timestamp - this might not be the latest version available remotely
[...]
```
## Configuring the Notary Client
Some of the more advanced features of DCT require the Notary CLI. To install and
configure the Notary CLI:
1) Download the [client](https://github.com/theupdateframework/notary/releases)
and ensure that it is available on your path
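Review bot: the explanation of why Docker Hub works without `DOCKER_CONTENT_TRUST_SERVER` is not quite right: for Hub images the Docker client does not rely on "a internal proxy" redirecting the request, it defaults to the dedicated Notary endpoint `https://notary.docker.io`; for every other registry it defaults to `https://<registry host>`, which is why DTR (which serves Notary behind its own front end) works and a self-hosted Notary on another host or port does not. Suggest rewording to "When using Docker Hub the client defaults to notary.docker.io, and Docker Trusted Registry serves Notary on the registry host, so no configuration is needed; for self-hosted Notary or third-party registries you must point the client at the Notary server explicitly". Also fix "a internal" and "3rd party", and since the `docker trust inspect` sample shows the client falling back to a cached timestamp when the server is unreachable, add a sentence that the output in that case may be stale and should not be treated as the current signing state.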
@ -154,16 +181,17 @@ jeff 9deed251daa1aa6f9d5f9b752847647cf8d705da
## Managing Delegations in a Notary Server
DCT handles initiating a repository with trust data for you,
including rotating low level keys like the target and the snapshot key to the
remote Notary server. This is all done the first time you add a delegation
public key to the Notary server.
When the first Delegation is added to the Notary Server using `$ docker trust`,
we automatically initiate trust data for the repository. This includes creating
the notary target and snapshots keys, and rotating the snapshot key to be
managed by the notary server. More information on these keys can be found
[here](./trust_key_mng.md)
When initiating a repository, you will need the key and the passphrase of a local
Notary Canonical Root Key. If you have not initiated a repository before, and
therefore don't have a Notary root key, `$ docker trust` will create one for you.
> Be sure to protect your [Notary Canonical Root Key](./trust_key_mng.md)
> Be sure to protect and backup your [Notary Canonical Root Key](./trust_key_mng.md)
### Initiating the Repository
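Review bot: "creating the notary target and snapshots keys" should read "targets and snapshot keys", and "protect and backup" should be "protect and back up" (verb). The new wording correctly limits server-side rotation to the snapshot key, which is an improvement over the removed text that implied the targets key is also rotated to the Notary server; keep it that way. Two smaller points: "Delegation" does not need a capital, and the file now uses "initiate"/"initiating" (including the `### Initiating the Repository` heading) where the `docker trust` commands and the error text in the other hunk say "initialized"; pick one term, preferably "initialize", throughout.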