Information
Content trust is disabled by default. You should enable it.Content trust provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side verification of the integrity and publisher of specific image tags. This ensures provenance of container images.
Solution
To enable content trust in a bash shell, enter the following command-
export DOCKER_CONTENT_TRUST=1
Alternatively, set this environment variable in your profile file so that content trust in enabled on every login.
Impact-
In an environment where DOCKER_CONTENT_TRUST is set, you are required to follow trust procedures while working with images - build, create, pull, push and run. You can use the --disable-content-trust flag to run individual operations on tagged images without content trust on an as-needed basis but that defeats the purpose of enabling content trust and hence, should be avoided wherever possible.
Note- Content trust is currently only available for users of the public Docker Hub. It is currently not available for the Docker Trusted Registry or for private registries.
Default Value-
By default, content trust is disabled.