github.com/panekj/cli@v0.0.0-20230304125325-467dd2f3797e/docs/reference/commandline/trust_signer_add.md (about) 1 # trust signer add 2 3 <!---MARKER_GEN_START--> 4 Add a signer 5 6 ### Options 7 8 | Name | Type | Default | Description | 9 |:--------|:-------|:--------|:-------------------------------------| 10 | `--key` | `list` | | Path to the signer's public key file | 11 12 13 <!---MARKER_GEN_END--> 14 15 ## Description 16 17 `docker trust signer add` adds signers to signed repositories. 18 19 ## Examples 20 21 ### Add a signer to a repo 22 23 To add a new signer, `alice`, to this repository: 24 25 ```console 26 $ docker trust inspect --pretty example/trust-demo 27 28 No signatures for example/trust-demo 29 30 31 List of signers and their keys: 32 33 SIGNER KEYS 34 bob 5600f5ab76a2 35 36 Administrative keys for example/trust-demo: 37 Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 38 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 39 ``` 40 41 Add `alice` with `docker trust signer add`: 42 43 ```console 44 $ docker trust signer add alice example/trust-demo --key alice.crt 45 Adding signer "alice" to example/trust-demo... 46 Enter passphrase for repository key with ID 642692c: 47 Successfully added signer: alice to example/trust-demo 48 ``` 49 50 `docker trust inspect --pretty` now lists `alice` as a valid signer: 51 52 ```console 53 $ docker trust inspect --pretty example/trust-demo 54 55 No signatures for example/trust-demo 56 57 58 List of signers and their keys: 59 60 SIGNER KEYS 61 alice 05e87edcaecb 62 bob 5600f5ab76a2 63 64 Administrative keys for example/trust-demo: 65 Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 66 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 67 ``` 68 69 ## Initialize a new repo and add a signer 70 71 When adding a signer on a repo for the first time, `docker trust signer add` sets up a new repo if it doesn't exist. 72 73 ```console 74 $ docker trust inspect --pretty example/trust-demo 75 76 no signatures or cannot access example/trust-demo 77 ``` 78 79 ```console 80 $ docker trust signer add alice example/trust-demo --key alice.crt 81 82 Initializing signed repository for example/trust-demo... 83 Enter passphrase for root key with ID 748121c: 84 Enter passphrase for new repository key with ID 95b9e55: 85 Repeat passphrase for new repository key with ID 95b9e55: 86 Successfully initialized "example/trust-demo" 87 88 Adding signer "alice" to example/trust-demo... 89 Successfully added signer: alice to example/trust-demo 90 ``` 91 92 ```console 93 $ docker trust inspect --pretty example/trust-demo 94 95 No signatures for example/trust-demo 96 97 98 SIGNED TAG DIGEST SIGNERS 99 100 List of signers and their keys: 101 102 SIGNER KEYS 103 alice 6d52b29d940f 104 105 Administrative keys for example/trust-demo: 106 Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb 107 Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103 108 ``` 109 110 ## Add a signer to multiple repos 111 To add a signer, `alice`, to multiple repositories: 112 ```console 113 $ docker trust inspect --pretty example/trust-demo 114 115 SIGNED TAG DIGEST SIGNERS 116 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 117 118 List of signers and their keys: 119 120 SIGNER KEYS 121 bob 5600f5ab76a2 122 123 Administrative keys for example/trust-demo: 124 Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 125 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 126 ``` 127 128 ```console 129 $ docker trust inspect --pretty example/trust-demo2 130 131 SIGNED TAG DIGEST SIGNERS 132 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 133 134 List of signers and their keys: 135 136 SIGNER KEYS 137 bob 5600f5ab76a2 138 139 Administrative keys for example/trust-demo2: 140 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 141 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 142 ``` 143 144 Add `alice` to both repositories with a single `docker trust signer add` command: 145 146 ```console 147 $ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt 148 149 Adding signer "alice" to example/trust-demo... 150 Enter passphrase for repository key with ID 95b9e55: 151 Successfully added signer: alice to example/trust-demo 152 153 Adding signer "alice" to example/trust-demo2... 154 Enter passphrase for repository key with ID ece554f: 155 Successfully added signer: alice to example/trust-demo2 156 ``` 157 158 `docker trust inspect --pretty` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`: 159 160 161 ```console 162 $ docker trust inspect --pretty example/trust-demo 163 164 SIGNED TAG DIGEST SIGNERS 165 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 166 167 List of signers and their keys: 168 169 SIGNER KEYS 170 alice 05e87edcaecb 171 bob 5600f5ab76a2 172 173 Administrative keys for example/trust-demo: 174 Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e 175 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 176 ``` 177 178 ```console 179 $ docker trust inspect --pretty example/trust-demo2 180 181 SIGNED TAG DIGEST SIGNERS 182 v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 bob 183 184 List of signers and their keys: 185 186 SIGNER KEYS 187 alice 05e87edcaecb 188 bob 5600f5ab76a2 189 190 Administrative keys for example/trust-demo2: 191 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 192 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 193 ``` 194 195 196 `docker trust signer add` adds signers to repositories on a best effort basis, so it will continue to add the signer to subsequent repositories if one attempt fails: 197 198 ```console 199 $ docker trust signer add alice example/unauthorized example/authorized --key alice.crt 200 201 Adding signer "alice" to example/unauthorized... 202 you are not authorized to perform this operation: server returned 401. 203 204 Adding signer "alice" to example/authorized... 205 Enter passphrase for repository key with ID c6772a0: 206 Successfully added signer: alice to example/authorized 207 208 failed to add signer to: example/unauthorized 209 ```