Hi, I’m currently experimenting with using balenaEngine in an edge product. One of our requirements is that we enforce container image signing and refuse to run untrusted images. Does balenaEngine support Docker Content Trust enforcement, like the upstream Docker engine does?
you should be able to follow the official docker docs on the
trust subcommand: https://docs.docker.com/v17.12/edge/engine/reference/commandline/trust/
This command is experimental on the Docker client. It should not be used in production environments. To enable experimental features in the Docker CLI, edit the config.json and set
Related question: can I configure balenaEngine to only accept containers from one remote registry (and configure that registry as default)?