docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/_data/engine-cli/docker_trust_inspect.yaml

117 lines
10 KiB
YAML
Raw Blame History

command: docker trust inspect
short: Return low-level information about keys and signatures
long: |-
`docker trust inspect` provides low-level JSON information on signed repositories.
This includes all image tags that are signed, who signed them, and who can sign
new tags.
`docker trust inspect` prints the trust information in a machine-readable format. Refer to
[`docker trust view`](trust_view.md) for a human-friendly output.
`docker trust inspect` is currently experimental.
usage: docker trust inspect IMAGE[:TAG] [IMAGE[:TAG]...]
pname: docker trust
plink: docker_trust.yaml
examples: "### Get low-level details about signatures for a single image tag\n\nUse
the `docker trust inspect` to get trust information about an image. The\nfollowing
example prints trust information for the `alpine:latest` image:\n\n```bash\n$ docker
trust inspect alpine:latest\n[\n {\n \"Name\": \"alpine:latest\",\n \"SignedTags\":
[\n {\n \"SignedTag\": \"latest\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n
\ \"Signers\": [\n \"Repo Admin\"\n ]\n }\n ],\n \"Signers\":
[],\n \"AdminstrativeKeys\": [\n {\n \"Name\": \"Repository\",\n
\ \"Keys\": [\n {\n \"ID\": \"5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\"\n
\ }\n ]\n },\n {\n \"Name\": \"Root\",\n \"Keys\":
[\n {\n \"ID\": \"a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\"\n
\ }\n ]\n }\n ]\n }\n]\n```\n\nThe `SignedTags` key will
list the `SignedTag` name, its `Digest`, and the `Signers` responsible for the signature.\n\n`AdministrativeKeys`
will list the `Repository` and `Root` keys.\n\nThis format mirrors the output of
`docker trust view` \n\nIf signers are set up for the repository via other `docker
trust` commands, `docker trust inspect` includes a `Signers` key:\n\n```bash\n$
docker trust inspect my-image:purple\n[\n {\n \"Name\": \"my-image:purple\",\n
\ \"SignedTags\": [\n {\n \"SignedTag\": \"purple\",\n \"Digest\":
\"941d3dba358621ce3c41ef67b47cf80f701ff80cdf46b5cc86587eaebfe45557\",\n \"Signers\":
[\n \"alice\",\n \"bob\",\n \"carol\"\n ]\n }\n
\ ],\n \"Signers\": [\n {\n \"Name\": \"alice\",\n \"Keys\":
[\n {\n \"ID\": \"04dd031411ed671ae1e12f47ddc8646d98f135090b01e54c3561e843084484a3\"\n
\ },\n {\n \"ID\": \"6a11e4898a4014d400332ab0e096308c844584ff70943cdd1d6628d577f45fd8\"\n
\ }\n ]\n },\n {\n \"Name\": \"bob\",\n \"Keys\":
[\n {\n \"ID\": \"433e245c656ae9733cdcc504bfa560f90950104442c4528c9616daa45824ccba\"\n
\ }\n ]\n },\n {\n \"Name\": \"carol\",\n \"Keys\":
[\n {\n \"ID\": \"d32fa8b5ca08273a2880f455fcb318da3dc80aeae1a30610815140deef8f30d9\"\n
\ },\n {\n \"ID\": \"9a8bbec6ba2af88a5fad6047d428d17e6d05dbdd03d15b4fc8a9a0e8049cd606\"\n
\ }\n ]\n }\n ],\n \"AdminstrativeKeys\": [\n {\n
\ \"Name\": \"Repository\",\n \"Keys\": [\n {\n \"ID\":
\"27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44\"\n }\n
\ ]\n },\n {\n \"Name\": \"Root\",\n \"Keys\": [\n
\ {\n \"ID\": \"40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f\"\n
\ }\n ]\n }\n ]\n }\n]\n```\n\nIf the image tag is unsigned
or unavailable, `docker trust inspect` does not display any signed tags.\n\n```bash\n$
docker trust inspect unsigned-img\nNo signatures or cannot access unsigned-img\n```\n\nHowever,
if other tags are signed in the same image repository, `docker trust inspect` reports
relevant key information:\n\n```bash\n$ docker trust inspect alpine:unsigned\n[\n
\ {\n \"Name\": \"alpine:unsigned\",\n \"Signers\": [],\n \"AdminstrativeKeys\":
[\n {\n \"Name\": \"Repository\",\n \"Keys\": [\n {\n
\ \"ID\": \"5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\"\n
\ }\n ]\n },\n {\n \"Name\": \"Root\",\n \"Keys\":
[\n {\n \"ID\": \"a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\"\n
\ }\n ]\n }\n ]\n }\n]\n```\n\n### Get details about signatures
for all image tags in a repository\n\nIf no tag is specified, `docker trust inspect`
will report details for all signed tags in the repository:\n\n```bash\n$ docker
trust inspect alpine\n[\n {\n \"Name\": \"alpine\",\n \"SignedTags\":
[\n {\n \"SignedTag\": \"3.5\",\n \"Digest\":
\"b007a354427e1880de9cdba533e8e57382b7f2853a68a478a17d447b302c219c\",\n \"Signers\":
[\n \"Repo Admin\"\n ]\n },\n {\n
\ \"SignedTag\": \"3.6\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n
\ \"Signers\": [\n \"Repo Admin\"\n ]\n
\ },\n {\n \"SignedTag\": \"edge\",\n \"Digest\":
\"23e7d843e63a3eee29b6b8cfcd10e23dd1ef28f47251a985606a31040bf8e096\",\n \"Signers\":
[\n \"Repo Admin\"\n ]\n },\n {\n
\ \"SignedTag\": \"latest\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n
\ \"Signers\": [\n \"Repo Admin\"\n ]\n
\ }\n ],\n \"Signers\": [],\n \"AdminstrativeKeys\":
[\n {\n \"Name\": \"Repository\",\n \"Keys\":
[\n {\n \"ID\": \"5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\"\n
\ }\n ]\n },\n {\n \"Name\":
\"Root\",\n \"Keys\": [\n {\n \"ID\":
\"a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\"\n }\n
\ ]\n }\n ]\n }\n]\n```\n\n\n### Get details
about signatures for multiple images\n\n`docker trust inspect` can take multiple
repositories and images as arguments, and reports the results in an ordered list:\n\n```bash\n$
docker trust inspect alpine notary\n[\n {\n \"Name\": \"alpine\",\n \"SignedTags\":
[\n {\n \"SignedTag\": \"3.5\",\n \"Digest\":
\"b007a354427e1880de9cdba533e8e57382b7f2853a68a478a17d447b302c219c\",\n \"Signers\":
[\n \"Repo Admin\"\n ]\n },\n {\n
\ \"SignedTag\": \"3.6\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n
\ \"Signers\": [\n \"Repo Admin\"\n ]\n
\ },\n {\n \"SignedTag\": \"edge\",\n \"Digest\":
\"23e7d843e63a3eee29b6b8cfcd10e23dd1ef28f47251a985606a31040bf8e096\",\n \"Signers\":
[\n \"Repo Admin\"\n ]\n },\n {\n
\ \"SignedTag\": \"integ-test-base\",\n \"Digest\":
\"3952dc48dcc4136ccdde37fbef7e250346538a55a0366e3fccc683336377e372\",\n \"Signers\":
[\n \"Repo Admin\"\n ]\n },\n {\n
\ \"SignedTag\": \"latest\",\n \"Digest\": \"d6bfc3baf615dc9618209a8d607ba2a8103d9c8a405b3bd8741d88b4bef36478\",\n
\ \"Signers\": [\n \"Repo Admin\"\n ]\n
\ }\n ],\n \"Signers\": [],\n \"AdminstrativeKeys\":
[\n {\n \"Name\": \"Repository\",\n \"Keys\":
[\n {\n \"ID\": \"5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd\"\n
\ }\n ]\n },\n {\n \"Name\":
\"Root\",\n \"Keys\": [\n {\n \"ID\":
\"a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce\"\n }\n
\ ]\n }\n ]\n },\n {\n \"Name\": \"notary\",\n
\ \"SignedTags\": [\n {\n \"SignedTag\": \"server\",\n
\ \"Digest\": \"71f64ab718a3331dee103bc5afc6bc492914738ce37c2d2f127a8133714ecf5c\",\n
\ \"Signers\": [\n \"Repo Admin\"\n ]\n
\ },\n {\n \"SignedTag\": \"signer\",\n \"Digest\":
\"a6122d79b1e74f70b5dd933b18a6d1f99329a4728011079f06b245205f158fe8\",\n \"Signers\":
[\n \"Repo Admin\"\n ]\n }\n ],\n
\ \"Signers\": [],\n \"AdminstrativeKeys\": [\n {\n \"Name\":
\"Root\",\n \"Keys\": [\n {\n \"ID\":
\"8cdcdef5bd039f4ab5a029126951b5985eebf57cabdcdc4d21f5b3be8bb4ce92\"\n }\n
\ ]\n },\n {\n \"Name\": \"Repository\",\n
\ \"Keys\": [\n {\n \"ID\":
\"85bfd031017722f950d480a721f845a2944db26a3dc084040a70f1b0d9bbb3df\"\n }\n
\ ]\n }\n ]\n }\n]\n```"
deprecated: false
experimental: false
Reference in New Issue View Git Blame Copy Permalink