Docker Content Trust helps us guarantee content security in container environments by ensuring image provenance and verifying that images come from trusted sources. In production environments, it is critical to be able to ensure that every running container was created from trusted content. If an image's integrity and origin cannot be validated, no container should be allowed to run based on that image.
We have learned that Content Trust improves Docker repository security by means of four fundamental keys. The root key establishes ownership of the repository, and the targets key allows content to be verified within specific collections or repositories. These two keys are protected by passphrases, which we will be asked for whenever we sign an image. The snapshot and timestamp keys require no user interaction and are generated automatically; they guarantee the consistency of the signed metadata files and the dates and expiration of the signed image.
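The following added example (not code from the book or from Docker/Notary) models the client-side decision those keys enable: the timestamp metadata must be fresh and pin the current snapshot, the snapshot must pin the current targets file, and only then is a tag's digest trusted. It is a simplified, constructed TUF-style layout with signature checks omitted, so it shows only the freshness and hash-chain part of the verification.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

def canonical(obj):
    # Deterministic serialisation so metadata hashes are reproducible.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def fresh(role, now):
    # Every role carries an expiry; an expired metadata file is never trusted.
    return now < datetime.fromisoformat(role["expires"])

def verify_tag(meta, tag, now):
    """Return the trusted image digest for `tag`, or None when trust cannot be
    established (expired metadata, broken hash chain, or unknown tag).
    `meta` maps role name -> that role's 'signed' metadata (signatures omitted)."""
    ts, snap, targets = meta["timestamp"], meta["snapshot"], meta["targets"]
    if not fresh(ts, now):                      # timestamp: repository state is current
        return None
    if ts["meta"]["snapshot"]["hashes"]["sha256"] != sha256_hex(canonical(snap)):
        return None                             # timestamp must pin this exact snapshot
    if not fresh(snap, now):
        return None
    if snap["meta"]["targets"]["hashes"]["sha256"] != sha256_hex(canonical(targets)):
        return None                             # snapshot must pin this exact targets file
    if not fresh(targets, now):
        return None
    entry = targets["targets"].get(tag)         # targets: tag -> image digest
    return entry["hashes"]["sha256"] if entry else None

def build_sample(now):
    # Constructed sample metadata standing in for a signed Notary collection.
    exp = lambda days: (now + timedelta(days=days)).isoformat()
    targets = {"_type": "Targets", "expires": exp(365), "targets": {
        "1.0": {"length": 1234, "hashes": {"sha256": "a" * 64}}}}
    snap = {"_type": "Snapshot", "expires": exp(365), "meta": {
        "targets": {"hashes": {"sha256": sha256_hex(canonical(targets))}}}}
    ts = {"_type": "Timestamp", "expires": exp(14), "meta": {
        "snapshot": {"hashes": {"sha256": sha256_hex(canonical(snap))}}}}
    return {"targets": targets, "snapshot": snap, "timestamp": ts}

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    meta = build_sample(now)
    print("trusted digest for 1.0:", verify_tag(meta, "1.0", now))
    print("after timestamp expiry:", verify_tag(meta, "1.0", now + timedelta(days=15)))
```

Once the short-lived timestamp metadata expires, or any file in the chain is altered, the tag resolves to no digest and the image must not be run.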
In the next chapter, we will introduce the concept of orchestration. We will review all the features required to manage container...