Manage keys for content trust (Engine)
Manage keys for content trust
Trust for an image tag is managed through the use of keys. Docker’s content trust makes use four different keys:
| Key | Description |
|---|---|
| root key | Root of content trust for a image tag. When content trust is enabled, you create the root key once. |
| target and snapshot | These two keys are known together as the “repository” key. When content trust is enabled, you create this key when you add a new image repository. If you have the root key, you can export the repository key and allow other publishers to sign the image tags. |
| timestamp | This key applies to a repository. It allows Docker repositories to have freshness security guarantees without requiring periodic content refreshes on the client’s side. |
With the exception of the timestamp, all the keys are
