mirror of
https://github.com/confidential-containers/confidential-containers.git
synced 2025-09-25 15:01:38 +00:00
quickstart: note about checking the image is encrypted
skopeo can leave the image unencrypted without any notice. Added a comment about checking it is not the case for an image built by the user. Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This commit is contained in:
Wainer dos Santos Moschetta
committed by
Fabiano Fidêncio
Fabiano Fidêncio
parent
d91527685f
commit
9368189fa4
@@ -723,6 +723,13 @@ docker-daemon:[REGISTRY_URL]:encrypted \
|
||||
Again, be sure to replace `[REGISTRY_URL]` with the desired registry URL.
|
||||
`--insecure-policy` flag is used to connect to the attestation agent and will not impact the security of the project.
|
||||
|
||||
At this point it is a good idea to inspect the image was really encrypted as skopeo can silently leave it unencrypted. Use
|
||||
`skopeo inspect` as shown below to check that the layers MIME types are **application/vnd.oci.image.layer.v1.tar+gzip+encrypted**:
|
||||
|
||||
```
|
||||
skopeo inspect docker-daemon:[REGISTRY_URL]:encrypted
|
||||
```
|
||||
|
||||
Push the encrypted image to the registry:
|
||||
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user