The Docker Content Trust mechanism is implemented using Docker Notary (https://github.com/docker/notary), which is built on The Update Framework (https://github.com/theupdateframework/tuf). TUF is a secure framework that allows us to deliver a collection of trusted content at a time. Notary allows a client and a server to form a trusted collection by making it easier to publish and verify content. If we have a Docker image, we can sign it offline using a highly secure offline key. When we then publish that image, we can push it to a Notary server, which can be used to deliver trusted images. Notary is the way to enable a secured software supply chain for the enterprise using Docker.
We demonstrate how to set up our own Notary server and use it to sign Docker image content before pushing it to a Docker registry. The prerequisite is a recent version of Docker Compose.
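To make the "trusted collection" idea concrete, here is an added example (not code from the page, from Notary or from TUF) of the hash chain a TUF client walks before accepting a tag: the snapshot metadata pins the exact bytes of targets.json, and targets.json pins the bytes of each target. The metadata, the image name and the manifest bytes are constructed here, and the role signatures that Notary also verifies are deliberately left out.

```python
import hashlib
import json

# Constructed sample data (not real Notary output): a stand-in for an image manifest
# and two TUF metadata documents arranged in the snapshot -> targets -> target chain.
MANIFEST = b'{"schemaVersion": 2, "name": "example/app"}'

TARGETS = json.dumps({"signed": {"_type": "Targets", "targets": {
    "1.0": {"length": len(MANIFEST),
            "hashes": {"sha256": hashlib.sha256(MANIFEST).hexdigest()}}}}},
    sort_keys=True).encode()

SNAPSHOT = {"signed": {"_type": "Snapshot", "meta": {
    "targets": {"length": len(TARGETS),
                "hashes": {"sha256": hashlib.sha256(TARGETS).hexdigest()}}}}}


def check_pinned(meta, blob):
    """True iff blob has exactly the length and sha256 recorded in a TUF meta entry."""
    return (meta["length"] == len(blob)
            and hashlib.sha256(blob).hexdigest() == meta["hashes"]["sha256"])


def verify_target(snapshot, targets_bytes, tag, content):
    """Walk the chain: snapshot pins targets.json, targets.json pins the tag's content.
    Returns the pinned sha256 of the content; raises ValueError naming the broken link."""
    if not check_pinned(snapshot["signed"]["meta"]["targets"], targets_bytes):
        raise ValueError("targets.json does not match the snapshot")
    targets = json.loads(targets_bytes)["signed"]["targets"]
    if tag not in targets:
        raise ValueError(f"tag {tag!r} is not in the trusted collection")
    if not check_pinned(targets[tag], content):
        raise ValueError(f"content for tag {tag!r} does not match its pinned hash")
    return targets[tag]["hashes"]["sha256"]


def is_trusted(snapshot, targets_bytes, tag, content):
    """Boolean wrapper around verify_target for callers that only need accept/reject."""
    try:
        verify_target(snapshot, targets_bytes, tag, content)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(verify_target(SNAPSHOT, TARGETS, "1.0", MANIFEST))
    # Rewriting targets.json (here, renaming the tag) is caught by the snapshot pin.
    print(is_trusted(SNAPSHOT, TARGETS.replace(b'"1.0"', b'"2.0"'), "2.0", MANIFEST))
```

Because each metadata level pins the next by length and hash, a registry or mirror that substitutes one document cannot pass the check without also forging the level above it, which in Notary means holding the corresponding signing key.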
The first step is to clone Notary (in this example we fix its version at 0.4.2):
git clone https://github...