Short Bytes: In response to a common request from the Docker community for strong cryptographic guarantees over what code and what versions of software are being run in your infrastructure, Docker has announced a new feature in 1.8 called Docker Content Trust. This feature integrates The Update Framework (TUF) into Docker using Notary, an open source tool that provides trust over any content.
Before a publisher pushes an image to a remote registry, Docker Engine signs the image locally with the publisher’s private key. When you later pull this image, Docker Engine uses the publisher’s public key to verify that the image you are about to run is exactly what the publisher created, has not been tampered with and is up to date.
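The sign-then-verify flow described above, as an added example that is not Docker's or Notary's code: it uses the openssl CLI with an ECDSA key to show what "not tampered with and up to date" means in practice. The metadata layout, file names and function names are assumptions made for illustration; real Content Trust keeps TUF metadata in Notary.

```shell
#!/bin/sh
# Simplified publisher/consumer flow. NOT Notary's or TUF's real metadata format;
# file names and the two-line metadata layout are assumptions for illustration.

# Publisher: create an ECDSA P-256 key pair. The private key stays local.
make_keys() {  # $1 = working directory
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/publisher.key" 2>/dev/null &&
  openssl ec -in "$1/publisher.key" -pubout -out "$1/publisher.pub" 2>/dev/null
}

# Publisher: record the image digest and an expiry time, then sign that record.
sign_image() {  # $1 = dir, $2 = image file, $3 = expiry (epoch seconds)
  digest=$(openssl dgst -sha256 -r "$2" | cut -d' ' -f1)
  printf 'sha256=%s\nexpires=%s\n' "$digest" "$3" > "$1/meta.txt"
  openssl dgst -sha256 -sign "$1/publisher.key" -out "$1/meta.sig" "$1/meta.txt"
}

# Consumer: 0 = trusted, 1 = bad signature, 2 = stale metadata, 3 = image altered.
verify_image() {  # $1 = dir, $2 = image file
  openssl dgst -sha256 -verify "$1/publisher.pub" \
    -signature "$1/meta.sig" "$1/meta.txt" >/dev/null 2>&1 || return 1
  expires=$(sed -n 's/^expires=//p' "$1/meta.txt")
  [ "$(date +%s)" -lt "$expires" ] || return 2
  want=$(sed -n 's/^sha256=//p' "$1/meta.txt")
  got=$(openssl dgst -sha256 -r "$2" | cut -d' ' -f1)
  [ "$want" = "$got" ] || return 3
}

# Demo on a constructed "image" file (sample data, not a real image).
demo_dir=$(mktemp -d)
printf 'constructed image bytes\n' > "$demo_dir/image.tar"
make_keys "$demo_dir"
sign_image "$demo_dir" "$demo_dir/image.tar" "$(( $(date +%s) + 3600 ))"
verify_image "$demo_dir" "$demo_dir/image.tar" && echo "verified"
echo 'tampered' >> "$demo_dir/image.tar"
verify_image "$demo_dir" "$demo_dir/image.tar" || echo "rejected (code $?)"
```

The signature is checked before the expiry and digest fields are read, so an edited metadata file is rejected as a bad signature rather than trusted for its contents.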
A key focus of Docker is to provide the highest level of security without sacrificing usability. Once enabled, Docker Content Trust is tied into a developer’s regular Docker workflow with no additional commands to learn. Users continue to use the same docker pull, docker push, docker build, docker create and docker run commands they always have, only now those commands operate only on signed content.
In this release, Docker Content Trust is available to users as an opt-in feature. With content trust enabled, all operations using a remote registry enforce the use of signed and verified images. Docker developed this new feature with the community and is looking forward to having you opt in, use it and give feedback.
Anyone can start using it today to sign and verify Docker images. All the Official repository images on Docker Hub are already signed so that you can have a base set of trusted images from which to start building your applications.
Source: blog.docker.com