github.com/docker/docker-ce@v17.12.1-ce-rc2+incompatible/components/cli/docs/reference/commandline/trust_signer_add.md (about) 1 --- 2 title: "signer add" 3 description: "The signer add command description and usage" 4 keywords: "signer, notary, trust" 5 --- 6 7 <!-- This file is maintained within the docker/cli Github 8 repository at https://github.com/docker/cli/. Make all 9 pull requests against that repo. If you see this file in 10 another repository, consider it read-only there, as it will 11 periodically be overwritten by the definitive file. Pull 12 requests which include edits to this file in other repositories 13 will be rejected. 14 --> 15 16 # trust signer add 17 18 ```markdown 19 Usage: docker trust signer add [OPTIONS] NAME REPOSITORY [REPOSITORY...] 20 21 Add a signer 22 23 Options: 24 --help Print usage 25 -k, --key list Path to the signer's public key file 26 ``` 27 28 ## Description 29 30 `docker trust signer add` adds signers to signed repositories. 31 32 `docker trust signer add` is currently experimental. 33 34 ## Examples 35 36 ### Add a signer to a repo 37 38 To add a new signer, `alice`, to this repository: 39 40 ```bash 41 $ docker trust view example/trust-demo 42 43 No signatures for example/trust-demo 44 45 46 List of signers and their keys: 47 48 SIGNER KEYS 49 bob 5600f5ab76a2 50 51 Administrative keys for example/trust-demo: 52 Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 53 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 54 ``` 55 56 Add `alice` with `docker trust signer add`: 57 58 ```bash 59 $ docker trust signer add alice example/trust-demo --key alice.crt 60 Adding signer "alice" to example/trust-demo... 61 Enter passphrase for repository key with ID 642692c: 62 Successfully added signer: alice to example/trust-demo 63 ``` 64 65 `docker trust view` now lists `alice` as a valid signer: 66 67 ```bash 68 $ docker trust view example/trust-demo 69 70 No signatures for example/trust-demo 71 72 73 List of signers and their keys: 74 75 SIGNER KEYS 76 alice 05e87edcaecb 77 bob 5600f5ab76a2 78 79 Administrative keys for example/trust-demo: 80 Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 81 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 82 ``` 83 84 ## Initialize a new repo and add a signer 85 86 When adding a signer on a repo for the first time, `docker trust signer add` sets up a new repo if it doesn't exist. 87 88 ```bash 89 $ docker trust view example/trust-demo 90 No signatures or cannot access example/trust-demo 91 ``` 92 93 ```bash 94 $ docker trust signer add alice example/trust-demo --key alice.crt 95 Initializing signed repository for example/trust-demo... 96 Enter passphrase for root key with ID 748121c: 97 Enter passphrase for new repository key with ID 95b9e55: 98 Repeat passphrase for new repository key with ID 95b9e55: 99 Successfully initialized "example/trust-demo" 100 101 Adding signer "alice" to example/trust-demo... 102 Successfully added signer: alice to example/trust-demo 103 ``` 104 105 ```bash 106 $ docker trust view example/trust-demo 107 108 No signatures for example/trust-demo 109 110 111 SIGNED TAG DIGEST SIGNERS 112 113 List of signers and their keys: 114 115 SIGNER KEYS 116 alice 6d52b29d940f 117 118 Administrative keys for example/trust-demo: 119 Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb 120 Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103 121 ``` 122 123 ## Add a signer to multiple repos 124 To add a signer, `alice`, to multiple repositories: 125 126 ```bash 127 $ docker trust view example/trust-demo 128 SIGNED TAG DIGEST SIGNERS 129 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 130 131 List of signers and their keys: 132 133 SIGNER KEYS 134 bob 5600f5ab76a2 135 136 Administrative keys for example/trust-demo: 137 Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 138 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 139 ``` 140 ```bash 141 $ docker trust view example/trust-demo2 142 SIGNED TAG DIGEST SIGNERS 143 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 144 145 List of signers and their keys: 146 147 SIGNER KEYS 148 bob 5600f5ab76a2 149 150 Administrative keys for example/trust-demo2: 151 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 152 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 153 ``` 154 Add `alice` to both repositories with a single `docker trust signer add` command: 155 156 ```bash 157 $ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt 158 Adding signer "alice" to example/trust-demo... 159 Enter passphrase for repository key with ID 95b9e55: 160 Successfully added signer: alice to example/trust-demo 161 162 Adding signer "alice" to example/trust-demo2... 163 Enter passphrase for repository key with ID ece554f: 164 Successfully added signer: alice to example/trust-demo2 165 ``` 166 `docker trust view` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`: 167 168 169 ```bash 170 $ docker trust view example/trust-demo 171 SIGNED TAG DIGEST SIGNERS 172 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 173 174 List of signers and their keys: 175 176 SIGNER KEYS 177 alice 05e87edcaecb 178 bob 5600f5ab76a2 179 180 Administrative keys for example/trust-demo: 181 Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 182 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 183 ``` 184 ```bash 185 $ docker trust view example/trust-demo2 186 SIGNED TAG DIGEST SIGNERS 187 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 188 189 List of signers and their keys: 190 191 SIGNER KEYS 192 alice 05e87edcaecb 193 bob 5600f5ab76a2 194 195 Administrative keys for example/trust-demo2: 196 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 197 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 198 ``` 199 200 201 `docker trust signer add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails: 202 203 ```bash 204 $ docker trust signer add alice example/unauthorized example/authorized --key alice.crt 205 Adding signer "alice" to example/unauthorized... 206 you are not authorized to perform this operation: server returned 401. 207 208 Adding signer "alice" to example/authorized... 209 Enter passphrase for repository key with ID c6772a0: 210 Successfully added signer: alice to example/authorized 211 212 Failed to add signer to: example/unauthorized 213 ```