docker-image-signing
Docker Content Trust - image signing, verification, key management, and CI/CD signing pipelines
| name | docker-image-signing |
| description | Docker Content Trust - image signing, verification, key management, and CI/CD signing pipelines |
| standards-version | 1.10.0 |
Enable, manage, and enforce Docker Content Trust (DCT) for image signing and verification across development and CI/CD workflows.
```mermaid
flowchart TD
    A[Build and push image] --> B{DCT enabled?}
    B -->|No| C["Set DOCKER_CONTENT_TRUST=1"]
    C --> D
    B -->|Yes| D{Signing key exists?}
    D -->|No| E[Generate key pair]
    E -->|docker_trustKey generate| F[Back up root key offline]
    F --> G
    D -->|Yes| G[Sign the image]
    G -->|docker_trustSign| H[Verify signatures]
    H -->|docker_trustInspect| I{Signatures valid?}
    I -->|Yes| J[Image is trusted - safe to deploy]
    I -->|No| K[Revoke compromised image]
    K -->|docker_trustRevoke| L[Re-sign with new key]
    L --> G
```
Activate when the user:

Workflow:

1. DOCKER_CONTENT_TRUST is enabled in the environment.
2. `docker_trustInspect` to view current signers and signatures for an image.
3. `docker_trustKey` to generate a new signing key pair or load an existing private key.
4. `docker_trustSign` to sign images after pushing to a registry.
5. With enforcement on (`DOCKER_CONTENT_TRUST=1`), pulls automatically verify signatures.
6. `docker_trustRevoke` to remove trust data for a compromised image.

Key facts:

- `DOCKER_CONTENT_TRUST=1` enables enforcement globally
- Default trust server: https://notary.docker.io (Docker Hub)
- Keys are stored in `~/.docker/trust/` on the signing machine

Example:

User: "Set up image signing for our CI/CD pipeline"

A: Walks through the complete setup:

1. `docker_trustKey` with action `generate` to create a signing key
2. Set `DOCKER_CONTENT_TRUST=1` in the CI environment
3. `docker_trustSign` to sign the image
4. `docker_trustInspect` to verify signatures are in place

| Tool | When to Use |
|---|---|
| `docker_trustInspect` | Viewing signers, signatures, and trust data for an image |
| `docker_trustSign` | Signing an image for Docker Content Trust |
| `docker_trustRevoke` | Revoking trust for a compromised or deprecated image |
| `docker_trustKey` | Generating new signing keys or loading existing keys |

Notes:

- `DOCKER_CONTENT_TRUST=1` only affects the current shell session. For CI/CD, set it in the pipeline configuration, not interactively.
- Non-interactive signing reads the repository key passphrase from the `DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE` environment variable. Never hardcode it - use CI secrets.
- With DCT enabled, `docker build` also verifies the base images named in `FROM` instructions. Pin base images to signed tags or use `--disable-content-trust` selectively.
- For a private registry with its own Notary server, set `DOCKER_CONTENT_TRUST_SERVER` to point to the correct endpoint.

Related:

- `docker-security` skill - for general container security hardening
- `docker-registry` skill - for registry workflows and authentication
- `docker-swarm` skill - Swarm services can enforce signed images with `--with-registry-auth`
- `swarm-security` rule - automated checks for Swarm security issues
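The "Signatures valid?" decision in the flowchart and the CI notes above leave one question open: `DOCKER_CONTENT_TRUST=1` makes `docker pull` refuse unsigned tags, but it does not express *who* must have signed, or that the signed digest is the one the pipeline just built. The following is an added example, not code from this skill or from Docker: a small policy gate that reads the JSON printed by `docker trust inspect <image>` and decides whether a tag may be deployed. The field names (`Name`, `SignedTags`, `SignedTag`, `Digest`, `Signers`, `AdministrativeKeys`) follow the shape `docker trust inspect` actually emits; the sample document, the registry `registry.example`, the delegation signer named `ci`, the key IDs and the digests are all constructed for the example.

```python
"""Policy gate over `docker trust inspect` output (added example, not part of the skill)."""
import json
import subprocess
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed digests (hex, as `docker trust inspect` prints them, without a "sha256:" prefix).
DIGEST_142 = "ab" * 32
DIGEST_141 = "cd" * 32

# Constructed sample of what `docker trust inspect registry.example/app:1.4.2` might print.
# 1.4.2 was signed by the "ci" delegation key; 1.4.1 was signed directly with the
# repository key, which `docker trust` reports as the pseudo-signer "Repo Admin".
SAMPLE_TRUST_JSON = json.dumps([
    {
        "Name": "registry.example/app:1.4.2",
        "SignedTags": [
            {"SignedTag": "1.4.2", "Digest": DIGEST_142, "Signers": ["ci"]},
            {"SignedTag": "1.4.1", "Digest": DIGEST_141, "Signers": ["Repo Admin"]},
        ],
        "Signers": [{"Name": "ci", "Keys": [{"ID": "constructed-ci-key-id"}]}],
        "AdministrativeKeys": [
            {"Name": "Root", "Keys": [{"ID": "constructed-root-key-id"}]},
            {"Name": "Repository", "Keys": [{"ID": "constructed-repo-key-id"}]},
        ],
    }
])


@dataclass
class TrustVerdict:
    ok: bool
    digest: Optional[str] = None
    signers: List[str] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)


def inspect_image(image: str) -> str:
    """Fetch live trust data; only used when wired into a real pipeline, not in the offline demo."""
    proc = subprocess.run(["docker", "trust", "inspect", image],
                          check=True, capture_output=True, text=True)
    return proc.stdout


def evaluate_trust(raw_json: str, repo: str, tag: str, expected_digest: str,
                   required_signers: Set[str], allow_repo_admin: bool = False) -> TrustVerdict:
    """Decide whether repo:tag may be deployed based on DCT trust data.

    Passes only when the tag is signed, the signed digest equals the digest the pipeline
    pushed, every required delegation signer is present, and (by default) the repository
    key was not used directly, so that a leaked CI key cannot masquerade as the repo owner.
    """
    verdict = TrustVerdict(ok=False)
    try:
        entries = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        verdict.reasons.append(f"trust data is not valid JSON: {exc}")
        return verdict
    if not isinstance(entries, list) or not entries:
        verdict.reasons.append("no trust data for repository (DCT would refuse the pull)")
        return verdict

    # Match the repository exactly; Name is either "repo" or "repo:tag".
    signed = None
    for entry in entries:
        name = str(entry.get("Name", ""))
        if name != repo and not name.startswith(repo + ":"):
            continue
        for st in entry.get("SignedTags", []):
            if st.get("SignedTag") == tag:
                signed = st
                break
    if signed is None:
        verdict.reasons.append(f"tag {tag!r} carries no signature")
        return verdict

    verdict.digest = signed.get("Digest")
    verdict.signers = list(signed.get("Signers", []))

    if verdict.digest != expected_digest:
        verdict.reasons.append("signed digest differs from the digest that was built and pushed")
    missing = set(required_signers) - set(verdict.signers)
    if missing:
        verdict.reasons.append(f"missing required signer(s): {sorted(missing)}")
    if not allow_repo_admin and "Repo Admin" in verdict.signers:
        verdict.reasons.append("tag was signed with the repository key directly, not a delegation")

    verdict.ok = not verdict.reasons
    return verdict


if __name__ == "__main__":
    v = evaluate_trust(SAMPLE_TRUST_JSON, "registry.example/app", "1.4.2", DIGEST_142, {"ci"})
    print("deployable" if v.ok else "blocked", v.reasons)
```

In a pipeline this runs right after the `docker_trustSign` step, as `evaluate_trust(inspect_image(f"{repo}:{tag}"), repo, tag, pushed_digest, {"ci"})`, where `pushed_digest` is the digest `docker push` reported. Requiring a named delegation signer rather than accepting "Repo Admin" is what makes the root-key-offline advice in the flowchart enforceable: CI only ever holds a delegation key, and a tag signed with anything else is treated as a policy violation even though DCT itself would accept it.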