What is Docker Content Trust? The Most Demanded Feature


Short Bytes: In response to frequent requests from the Docker community for strong cryptographic guarantees over what code and what versions of software are being run in your infrastructure, Docker has announced a new feature in 1.8 called Docker Content Trust. This feature integrates The Update Framework (TUF) into Docker using Notary, an open source tool that provides trust over any content.

Enterprise adoption of any new tool or software depends on how secure and auditable its production deployment is. Docker has long been criticized for its security, and enterprises never considered it production ready. To overcome this challenge, Docker finally released a new feature in version 1.8 called Content Trust. Docker Content Trust makes it possible to verify the publisher of Docker images.

Before a publisher pushes an image to a remote registry, Docker Engine signs the image locally with the publisher’s private key. When you later pull this image, Docker Engine uses the publisher’s public key to verify that the image you are about to run is exactly what the publisher created, has not been tampered with and is up to date.
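The sign-then-verify flow described above can be modeled in a few lines of Go. This is an added example, not code from Docker or Notary: the `Target` record, the `Sign`, `Verify` and `Demo` functions and the use of Ed25519 keys are assumptions chosen to show the three checks made at pull time (publisher, integrity, freshness).

```go
package main
import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Target is a simplified, hypothetical stand-in for the signed record of one image tag.
type Target struct {
	Tag     string
	Digest  [32]byte  // SHA-256 of the image content
	Expires time.Time // the record is stale after this time
}

// Sign runs on the publisher's machine, before the push, with the private key.
func Sign(priv ed25519.PrivateKey, tag string, image []byte, ttl time.Duration, now time.Time) (meta, sig []byte) {
	meta, _ = json.Marshal(Target{tag, sha256.Sum256(image), now.Add(ttl)})
	return meta, ed25519.Sign(priv, meta)
}

// Verify runs on the pulling side and needs only the publisher's public key.
func Verify(pub ed25519.PublicKey, meta, sig, image []byte, now time.Time) error {
	if !ed25519.Verify(pub, meta, sig) {
		return fmt.Errorf("signature does not match the publisher's key")
	}
	var t Target
	if err := json.Unmarshal(meta, &t); err != nil {
		return err
	}
	if sha256.Sum256(image) != t.Digest {
		return fmt.Errorf("image %s differs from what was signed", t.Tag)
	}
	if now.After(t.Expires) {
		return fmt.Errorf("signed record for %s expired", t.Tag)
	}
	return nil
}

// Demo verifies a constructed image untouched, then tampered, then stale.
func Demo() (ok, tampered, stale error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	now, img := time.Now(), []byte("constructed image bytes")
	meta, sig := Sign(priv, "app:1.0", img, time.Hour, now)
	return Verify(pub, meta, sig, img, now),
		Verify(pub, meta, sig, []byte("tampered image bytes"), now),
		Verify(pub, meta, sig, img, now.Add(2*time.Hour))
}
func main() { fmt.Println(Demo()) }
```

Only the first verification succeeds; the altered image and the expired record are both rejected even though the signature itself is still valid.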

A key focus of Docker is to provide the highest level of security without sacrificing usability. Once enabled, Docker Content Trust is tied into a developer’s regular Docker workflow with no additional commands to learn. Users continue to use the same docker pull, docker push, docker build, docker create and docker run commands they always have – only now those commands operate only on signed content.


In this release, Docker Content Trust is available to users as an opt-in feature. With content trust enabled, all operations using a remote registry enforce the use of signed and verified images. This is a new feature that Docker developed with the community, and the company is looking forward to users opting in, using it and giving feedback.

Anyone can start using it today to sign and verify Docker images. All the Official repository images on Docker Hub are already signed so that you can have a base set of trusted images from which to start building your applications.

Source: blog.docker.com


Ananda Verma
