Docker Content Trust/container signing enforcement

security
#1

Hi, I’m currently experimenting with using balenaEngine in an edge product. One of our requirements is that we enforce container image signing and refuse to run untrusted images. Does balenaEngine support Docker Content Trust enforcement, like the upstream Docker engine does?

#7

Hi @moosnat-meraki

You should be able to follow the official Docker docs on the trust subcommand: https://docs.docker.com/v17.12/edge/engine/reference/commandline/trust/

This command is experimental on the Docker client. It should not be used in production environments. To enable experimental features in the Docker CLI, edit the config.json and set experimental to enabled.

#8

Hey, thanks!
Related question: can I configure balenaEngine to only accept containers from one remote registry (and configure that registry as default)?