By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
Image signing and trust (Content Trust – DCT) verifies the integrity and authenticity of Docker images. docker trust.
docker trust key list
docker trust key generate
docker trust key create mykey
docker trust key load mykey
docker trust sign myimage
docker trust inspect myimage
docker trust key remove mykey
docker system prune -af
Purpose: Sign a Docker image with a key.Command: docker trust sign myimage --key mykey Flags: --key specifies the key to use for signing.
docker trust sign myimage --key mykey
--key
Purpose: Verify the trust information of a Docker image.Command: docker trust inspect myimage Flags: None.
Purpose: Add a key to the default keyring.Command: docker trust key load mykey Flags: None.
Error message: Error: key not found Why it happens: The key is not in the keyring.Fix: docker trust key load mykey
Error: key not found
Error message: Error: image not signed Why it happens: The image is not signed with a key.Fix: docker trust sign myimage --key mykey
Error: image not signed
Error message: Error: keyring not initialized Why it happens: The keyring is not initialized.Fix: docker trust key generate
Error: keyring not initialized
Situation: You want to verify if an image is signed.Command: docker trust inspect myimage Correct response: The image's trust information is displayed.
Situation: You want to check if the keyring is initialized.Command: docker trust key list Correct response: A list of available keys is displayed.
Situation: You want to check if an image is signed.Command: docker trust inspect myimage Correct response: An error message is displayed indicating the image is not signed.
• Docker Content Trust is enabled by default in Docker 1.13 and later.• The default keyring is stored in ~/.docker/trust/keyring.• Use docker trust key generate to initialize the keyring.• Use docker trust key load to add a key to the keyring.• Use docker trust sign to sign an image with a key.• Use docker trust inspect to verify an image's trust information.• Use docker trust key remove to remove a key from the keyring.• Use docker system prune -af to clean up.• ⚠️ Docker Content Trust is not enabled by default in Docker versions prior to 1.13.• ⚠️ The default keyring is not initialized by default in Docker versions prior to 1.13.
~/.docker/trust/keyring
docker trust key load
docker trust sign
docker trust inspect
docker trust key remove
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.