github.com/AliyunContainerService/cli@v0.0.0-20181009023821-814ced4b30d0/docs/reference/commandline/trust_signer_add.md (about) 1 --- 2 title: "signer add" 3 description: "The signer add command description and usage" 4 keywords: "signer, notary, trust" 5 --- 6 7 <!-- This file is maintained within the docker/cli Github 8 repository at https://github.com/docker/cli/. Make all 9 pull requests against that repo. If you see this file in 10 another repository, consider it read-only there, as it will 11 periodically be overwritten by the definitive file. Pull 12 requests which include edits to this file in other repositories 13 will be rejected. 14 --> 15 16 # trust signer add 17 18 ```markdown 19 Usage: docker trust signer add [OPTIONS] NAME REPOSITORY [REPOSITORY...] 20 21 Add a signer 22 23 Options: 24 --help Print usage 25 -k, --key list Path to the signer's public key file 26 ``` 27 28 ## Description 29 30 `docker trust signer add` adds signers to signed repositories. 31 32 ## Examples 33 34 ### Add a signer to a repo 35 36 To add a new signer, `alice`, to this repository: 37 38 ```bash 39 $ docker trust view example/trust-demo 40 41 No signatures for example/trust-demo 42 43 44 List of signers and their keys: 45 46 SIGNER KEYS 47 bob 5600f5ab76a2 48 49 Administrative keys for example/trust-demo: 50 Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 51 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 52 ``` 53 54 Add `alice` with `docker trust signer add`: 55 56 ```bash 57 $ docker trust signer add alice example/trust-demo --key alice.crt 58 Adding signer "alice" to example/trust-demo... 59 Enter passphrase for repository key with ID 642692c: 60 Successfully added signer: alice to example/trust-demo 61 ``` 62 63 `docker trust view` now lists `alice` as a valid signer: 64 65 ```bash 66 $ docker trust view example/trust-demo 67 68 No signatures for example/trust-demo 69 70 71 List of signers and their keys: 72 73 SIGNER KEYS 74 alice 05e87edcaecb 75 bob 5600f5ab76a2 76 77 Administrative keys for example/trust-demo: 78 Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 79 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 80 ``` 81 82 ## Initialize a new repo and add a signer 83 84 When adding a signer on a repo for the first time, `docker trust signer add` sets up a new repo if it doesn't exist. 85 86 ```bash 87 $ docker trust view example/trust-demo 88 No signatures or cannot access example/trust-demo 89 ``` 90 91 ```bash 92 $ docker trust signer add alice example/trust-demo --key alice.crt 93 Initializing signed repository for example/trust-demo... 94 Enter passphrase for root key with ID 748121c: 95 Enter passphrase for new repository key with ID 95b9e55: 96 Repeat passphrase for new repository key with ID 95b9e55: 97 Successfully initialized "example/trust-demo" 98 99 Adding signer "alice" to example/trust-demo... 100 Successfully added signer: alice to example/trust-demo 101 ``` 102 103 ```bash 104 $ docker trust view example/trust-demo 105 106 No signatures for example/trust-demo 107 108 109 SIGNED TAG DIGEST SIGNERS 110 111 List of signers and their keys: 112 113 SIGNER KEYS 114 alice 6d52b29d940f 115 116 Administrative keys for example/trust-demo: 117 Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb 118 Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103 119 ``` 120 121 ## Add a signer to multiple repos 122 To add a signer, `alice`, to multiple repositories: 123 124 ```bash 125 $ docker trust view example/trust-demo 126 SIGNED TAG DIGEST SIGNERS 127 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 128 129 List of signers and their keys: 130 131 SIGNER KEYS 132 bob 5600f5ab76a2 133 134 Administrative keys for example/trust-demo: 135 Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 136 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 137 ``` 138 ```bash 139 $ docker trust view example/trust-demo2 140 SIGNED TAG DIGEST SIGNERS 141 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 142 143 List of signers and their keys: 144 145 SIGNER KEYS 146 bob 5600f5ab76a2 147 148 Administrative keys for example/trust-demo2: 149 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 150 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 151 ``` 152 Add `alice` to both repositories with a single `docker trust signer add` command: 153 154 ```bash 155 $ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt 156 Adding signer "alice" to example/trust-demo... 157 Enter passphrase for repository key with ID 95b9e55: 158 Successfully added signer: alice to example/trust-demo 159 160 Adding signer "alice" to example/trust-demo2... 161 Enter passphrase for repository key with ID ece554f: 162 Successfully added signer: alice to example/trust-demo2 163 ``` 164 `docker trust view` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`: 165 166 167 ```bash 168 $ docker trust view example/trust-demo 169 SIGNED TAG DIGEST SIGNERS 170 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 171 172 List of signers and their keys: 173 174 SIGNER KEYS 175 alice 05e87edcaecb 176 bob 5600f5ab76a2 177 178 Administrative keys for example/trust-demo: 179 Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 180 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 181 ``` 182 ```bash 183 $ docker trust view example/trust-demo2 184 SIGNED TAG DIGEST SIGNERS 185 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 186 187 List of signers and their keys: 188 189 SIGNER KEYS 190 alice 05e87edcaecb 191 bob 5600f5ab76a2 192 193 Administrative keys for example/trust-demo2: 194 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 195 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 196 ``` 197 198 199 `docker trust signer add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails: 200 201 ```bash 202 $ docker trust signer add alice example/unauthorized example/authorized --key alice.crt 203 Adding signer "alice" to example/unauthorized... 204 you are not authorized to perform this operation: server returned 401. 205 206 Adding signer "alice" to example/authorized... 207 Enter passphrase for repository key with ID c6772a0: 208 Successfully added signer: alice to example/authorized 209 210 Failed to add signer to: example/unauthorized 211 ```