From bf9ed86856da25ab41f328716a4e2de092515095 Mon Sep 17 00:00:00 2001 From: Anne Henmi Date: Tue, 16 Oct 2018 19:50:20 -0600 Subject: [PATCH] Added more explanation, cleaned up wording. --- engine/security/security.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/engine/security/security.md b/engine/security/security.md index b42a538f53..74124d004f 100644 --- a/engine/security/security.md +++ b/engine/security/security.md @@ -204,9 +204,14 @@ those explicitly required for their processes. The Docker Content Trust signature verification feature is built directly into the `dockerd` binary. The Docker Engine can be configured to only permitted to run signed images. This is configured in the Dockerd -configuration file. To incorporate this, Docker will use trustpinning. -Trustpinning means Docker reposoitories with a known configured root key -will only be accepted. +configuration file. To incorporate this, the Docker engine have +trustpinning configured in the `daemon.json` file. Trustpinning is when +Docker reposoitories with a known configured root key will only be accepted. + +This feature provides image signature verification whenever a Docker pull +or run command uses an image. This provides insight to administrators that +was not previously available with the CLI being responsible for enforcing +and performing image signature verification. For more information on configuring Docker Content Trust Signature Verificiation, go to (xxx)[xxx].
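Review bot: the rewritten trustpinning sentences in the first added paragraph still need a wording pass before merge. "the Docker engine have trustpinning configured in the `daemon.json` file" is ungrammatical and reads as a statement of fact rather than an instruction; something like "To enable this, configure trustpinning in the `daemon.json` file" would match the intent. The misspelling "reposoitories" is carried over from the removed line into the new one, and "will only be accepted" puts "only" in the wrong place; suggest "Trustpinning means that only Docker repositories signed with a known, configured root key are accepted." In the second added paragraph, "This provides insight to administrators that was not previously available with the CLI being responsible for enforcing and performing image signature verification" is hard to parse; state the contrast directly, that verification is now enforced by the daemon on pull and run instead of by the CLI. Since the text now points readers at `daemon.json`, it should either name the setting or link to the page that does, but the closing context line still has the placeholder "(xxx)[xxx]" with the Markdown link brackets and parentheses reversed and "Verificiation" misspelled. The unchanged context line "can be configured to only permitted to run signed images" is also worth fixing while this paragraph is being touched.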