Automation with content trust (Engine)
Your automation systems that pull or build images can also work with trust. Any automation environment must set DOCKER_TRUST_ENABLED, either manually or in a scripted fashion, before processing images.
Bypass requests for passphrases
To allow tools to wrap docker and push trusted content, two environment variables let you provide the passphrases without using an expect script or typing them in:
DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
Docker attempts to use the contents of these environment variables as the passphrase for the keys. For example, an image publisher can export the repository target and snapshot passphrases:
$ export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE="u7pEQcGoebUHm6LHe6"
$ export DO
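In a CI job, the two passphrase variables can be supplied to a single docker invocation instead of being exported into the whole shell session. The wrapper below is an added example, not code from the Docker documentation; the function names `load_passphrase` and `trusted_run` and the secret file paths are assumptions, and content trust is assumed to be enabled already in the calling environment.

```shell
# Added example: function names and secret file paths are hypothetical.

# load_passphrase FILE
# Print the first line of FILE, but only if FILE is a regular file that
# group and others cannot access (mode 600 or 400) and the line is not empty.
# The body runs in a subshell, so no variable leaks into the caller.
load_passphrase() (
    f=$1
    [ -f "$f" ] || { echo "missing secret file: $f" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f") || return 1
    case $mode in
        600|400) ;;
        *) echo "refusing $f: mode $mode, want 600 or 400" >&2; return 1 ;;
    esac
    pass=
    IFS= read -r pass < "$f" || :   # tolerate a missing trailing newline
    [ -n "$pass" ] || { echo "empty passphrase in $f" >&2; return 1; }
    printf '%s' "$pass"
)

# trusted_run ROOT_FILE REPO_FILE COMMAND [ARGS...]
# Run COMMAND with both passphrase variables set in its environment only.
# The subshell body keeps them out of the calling shell and of later steps.
trusted_run() (
    root_file=$1; repo_file=$2; shift 2
    DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$(load_passphrase "$root_file") || return 1
    DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$(load_passphrase "$repo_file") || return 1
    export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
    "$@"
)

# Typical call (placeholder paths and image name):
#   trusted_run /run/secrets/dct_root /run/secrets/dct_repo \
#       docker push registry.example.com/team/app:1.0
```

The passphrases are still readable from the environment of the wrapped process, so run the job under an account that no other workload shares.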