From 9368189fa46d377fca2e6f954af1b592695e6330 Mon Sep 17 00:00:00 2001 From: Wainer dos Santos Moschetta Date: Mon, 19 Dec 2022 11:37:32 -0300 Subject: [PATCH] quickstart: note about checking the image is encrypted skopeo can leave the image unencrypted without any notice. Added a comment about checking it is not the case for an image built by the user. Signed-off-by: Wainer dos Santos Moschetta --- quickstart.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/quickstart.md b/quickstart.md index 09ebe4c..1b459e5 100644 --- a/quickstart.md +++ b/quickstart.md @@ -723,6 +723,13 @@ docker-daemon:[REGISTRY_URL]:encrypted \ Again, be sure to replace `[REGISTRY_URL]` with the desired registry URL. `--insecure-policy` flag is used to connect to the attestation agent and will not impact the security of the project. +At this point it is a good idea to inspect the image was really encrypted as skopeo can silently leave it unencrypted. Use +`skopeo inspect` as shown below to check that the layers MIME types are **application/vnd.oci.image.layer.v1.tar+gzip+encrypted**: + +``` +skopeo inspect docker-daemon:[REGISTRY_URL]:encrypted +``` + Push the encrypted image to the registry: ```
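Review bot: The added paragraph after the `--insecure-policy` sentence tells the reader to check the layer MIME types but not what to do when the check fails. Since the stated reason for the check is that skopeo can silently leave the image unencrypted, the text should say explicitly that the reader must not continue to "Push the encrypted image to the registry" if any layer is reported without the `+encrypted` suffix, and should repeat the encryption step instead. It would also help to say where in the `skopeo inspect` output the MIME type appears, or to show a short expected-output excerpt, so the check does not depend on the reader searching the output by eye. Wording: "inspect the image was really encrypted" reads better as "verify that the image was really encrypted", and "layers MIME types" should be "layers' MIME types".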