github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/cli/docs/reference/commandline/trust_signer_add.md

github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/cli/docs/reference/commandline/trust_signer_add.md (about)

     1  ---
     2  title: "signer add"
     3  description: "The signer add command description and usage"
     4  keywords: "signer, notary, trust"
     5  ---
     6  
     7  # trust signer add
     8  
     9  ```markdown
    10  Usage:  docker trust signer add [OPTIONS] NAME REPOSITORY [REPOSITORY...]
    11  
    12  Add a signer
    13  
    14  Options:
    15        --help       Print usage
    16    -k, --key list   Path to the signer's public key file
    17  ```
    18  
    19  ## Description
    20  
    21  `docker trust signer add` adds signers to signed repositories.
    22  
    23  ## Examples
    24  
    25  ### Add a signer to a repo
    26  
    27  To add a new signer, `alice`, to this repository:
    28  
    29  ```console
    30  $ docker trust inspect --pretty example/trust-demo
    31  
    32  No signatures for example/trust-demo
    33  
    34  
    35  List of signers and their keys:
    36  
    37  SIGNER              KEYS
    38  bob                 5600f5ab76a2
    39  
    40  Administrative keys for example/trust-demo:
    41  Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
    42  Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
    43  ```
    44  
    45  Add `alice` with `docker trust signer add`:
    46  
    47  ```console
    48  $ docker trust signer add alice example/trust-demo --key alice.crt
    49    Adding signer "alice" to example/trust-demo...
    50    Enter passphrase for repository key with ID 642692c:
    51  Successfully added signer: alice to example/trust-demo
    52  ```
    53  
    54  `docker trust inspect --pretty` now lists `alice` as a valid signer:
    55  
    56  ```console
    57  $ docker trust inspect --pretty example/trust-demo
    58  
    59  No signatures for example/trust-demo
    60  
    61  
    62  List of signers and their keys:
    63  
    64  SIGNER              KEYS
    65  alice               05e87edcaecb
    66  bob                 5600f5ab76a2
    67  
    68  Administrative keys for example/trust-demo:
    69  Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
    70  Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
    71  ```
    72  
    73  ## Initialize a new repo and add a signer
    74  
    75  When adding a signer on a repo for the first time, `docker trust signer add` sets up a new repo if it doesn't exist.
    76  
    77  ```console
    78  $ docker trust inspect --pretty example/trust-demo
    79  
    80  No signatures or cannot access example/trust-demo
    81  ```
    82  
    83  ```console
    84  $ docker trust signer add alice example/trust-demo --key alice.crt
    85  
    86  Initializing signed repository for example/trust-demo...
    87  Enter passphrase for root key with ID 748121c:
    88  Enter passphrase for new repository key with ID 95b9e55:
    89  Repeat passphrase for new repository key with ID 95b9e55:
    90  Successfully initialized "example/trust-demo"
    91  
    92  Adding signer "alice" to example/trust-demo...
    93  Successfully added signer: alice to example/trust-demo
    94  ```
    95  
    96  ```console
    97  $ docker trust inspect --pretty example/trust-demo
    98  
    99  No signatures for example/trust-demo
   100  
   101  
   102  SIGNED TAG          DIGEST                                                             SIGNERS
   103  
   104  List of signers and their keys:
   105  
   106  SIGNER              KEYS
   107  alice               6d52b29d940f
   108  
   109  Administrative keys for example/trust-demo:
   110  Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
   111  Root Key:       748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
   112  ```
   113  
   114  ## Add a signer to multiple repos
   115  To add a signer, `alice`, to multiple repositories:
   116  ```console
   117  $ docker trust inspect --pretty example/trust-demo
   118  
   119  SIGNED TAG          DIGEST                                                             SIGNERS
   120  v1                  74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4   bob
   121  
   122  List of signers and their keys:
   123  
   124  SIGNER              KEYS
   125  bob                 5600f5ab76a2
   126  
   127  Administrative keys for example/trust-demo:
   128  Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
   129  Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
   130  ```
   131  
   132  ```console
   133  $ docker trust inspect --pretty example/trust-demo2
   134  
   135  SIGNED TAG          DIGEST                                                             SIGNERS
   136  v1                  74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4   bob
   137  
   138  List of signers and their keys:
   139  
   140  SIGNER              KEYS
   141  bob                 5600f5ab76a2
   142  
   143  Administrative keys for example/trust-demo2:
   144  Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
   145  Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
   146  ```
   147  
   148  Add `alice` to both repositories with a single `docker trust signer add` command:
   149  
   150  ```console
   151  $ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt
   152  
   153  Adding signer "alice" to example/trust-demo...
   154  Enter passphrase for repository key with ID 95b9e55:
   155  Successfully added signer: alice to example/trust-demo
   156  
   157  Adding signer "alice" to example/trust-demo2...
   158  Enter passphrase for repository key with ID ece554f:
   159  Successfully added signer: alice to example/trust-demo2
   160  ```
   161  
   162  `docker trust inspect --pretty` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`:
   163  
   164  
   165  ```console
   166  $ docker trust inspect --pretty example/trust-demo
   167  
   168  SIGNED TAG          DIGEST                                                             SIGNERS
   169  v1                  74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4   bob
   170  
   171  List of signers and their keys:
   172  
   173  SIGNER              KEYS
   174  alice               05e87edcaecb
   175  bob                 5600f5ab76a2
   176  
   177  Administrative keys for example/trust-demo:
   178  Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
   179  Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
   180  ```
   181  
   182  ```console
   183  $ docker trust inspect --pretty example/trust-demo2
   184  
   185  SIGNED TAG          DIGEST                                                             SIGNERS
   186  v1                  74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4   bob
   187  
   188  List of signers and their keys:
   189  
   190  SIGNER              KEYS
   191  alice               05e87edcaecb
   192  bob                 5600f5ab76a2
   193  
   194  Administrative keys for example/trust-demo2:
   195  Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
   196  Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
   197  ```
   198  
   199  
   200  `docker trust signer add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails:
   201  
   202  ```console
   203  $ docker trust signer add alice example/unauthorized example/authorized --key alice.crt
   204  
   205  Adding signer "alice" to example/unauthorized...
   206  you are not authorized to perform this operation: server returned 401.
   207  
   208  Adding signer "alice" to example/authorized...
   209  Enter passphrase for repository key with ID c6772a0:
   210  Successfully added signer: alice to example/authorized
   211  
   212  Failed to add signer to: example/unauthorized
   213  ```