- Lab
- A Cloud Guru
Working with Docker Content Trust
Software signing is an important aspect of security. It is imperative to verify that any software you run on your system has not been tampered with, and Docker images are no exception. Docker Content Trust (DCT) enables you to sign and verify images before downloading or running them on your system. In this lab, you will work with DCT by signing a previously unsigned image and running it on a system that has DCT enabled.
Table of Contents
Challenge
Generate a Trust Key and Add Yourself as a Signer to the New Repository
- Generate a trust key.
- Create a new passphrase for your key when prompted.
- Add yourself as a signer to the ip-10-0-1-102:443/content-dca-tea repository.
- Create passphrases for the new root key and new repository key when prompted.
Challenge
Create a New Tag for the Image, Sign It, and Push It to the Registry
- Create a new tag for the image.
- Sign the image and push it to the registry.
- Enter the passphrase you created earlier for the trust key.
- Verify that you can run the signed image.
- If you want to test the image further, you can query the tea list web service. (You should see generated JSON data that contains a list of the various kinds of tea.)
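The two challenges above, written out as one shell workflow. This is an added example, not the lab's own walkthrough: the signer name `labuser` and the tags `unsigned` and `signed` are assumptions, and only the repository name comes from the page. It prints the commands by default (`DRY_RUN=1`) and includes a check that an unsigned tag is refused when DCT is enforced.

```shell
#!/bin/sh
# Added example: Docker Content Trust signing workflow for the lab repository.
# DRY_RUN=1 (default) only prints each command; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"
REPO="ip-10-0-1-102:443/content-dca-tea"  # repository named on the page
SIGNER="${SIGNER:-labuser}"               # assumed signer name
SRC_TAG="${SRC_TAG:-unsigned}"            # assumed tag of the existing unsigned image
NEW_TAG="${NEW_TAG:-signed}"              # assumed tag for the signed image

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Succeed only if the wrapped command fails (a refusal we expect to see).
must_fail() {
  if [ "$DRY_RUN" = "1" ]; then printf 'must-fail: %s\n' "$*"; return 0; fi
  if "$@"; then echo "unexpected success: $*" >&2; return 1; fi
}

dct_workflow() {
  # Challenge 1: create the signer key pair (prompts for a passphrase and
  # writes $SIGNER.pub to the current directory), then register the signer.
  # "signer add" prompts for the new root key and repository key passphrases.
  run docker trust key generate "$SIGNER" &&
  run docker trust signer add --key "$SIGNER.pub" "$SIGNER" "$REPO" &&
  # Challenge 2: retag, then sign; "docker trust sign" also pushes the tag
  # and prompts for the signer key passphrase.
  run docker tag "$REPO:$SRC_TAG" "$REPO:$NEW_TAG" &&
  run docker trust sign "$REPO:$NEW_TAG" &&
  run docker trust inspect --pretty "$REPO:$NEW_TAG" &&
  # With DCT enforced, the unsigned tag must be refused and the signed one run.
  must_fail env DOCKER_CONTENT_TRUST=1 docker pull "$REPO:$SRC_TAG" &&
  run env DOCKER_CONTENT_TRUST=1 docker run -d "$REPO:$NEW_TAG"
}

dct_workflow
```

Run it with `DRY_RUN=0` on a host that can reach the registry to execute the steps instead of printing them.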