Link Search Menu Expand Document
Start for Free

Verifying the Docker Image Signature

This page explains how to confirm that the Stardog image pulled from Docker Hub is digitally signed.

As of version 11.0.0, the Stardog image in Docker Hub is digitally signed by Stardog. Docker provides information about their Content Trust system in their online documentation here.

If you want to enforce that the image you use is digitally signed, set the environment variable DOCKER_CONTENT_TRUST to 1 before running docker pull (see more here).

If you want to verify the image on Docker Hub is digitally signed, you can run the command:

$ docker trust inspect stardog/stardog:latest --pretty

Signatures for stardog/stardog:latest

SIGNED TAG   DIGEST                                                             SIGNERS
latest       915070c7a72bba4bcae66789d21a59c33574f10eaed277eee57fc9ecdccf34c4   stardog

List of signers and their keys for stardog/stardog:latest

SIGNER    KEYS
stardog   3e6e217a9a9e

Administrative keys for stardog/stardog:latest

Repository Key:	1acd5f77de79aa54dbefd726caf47aecb39767b0342b27c677deb20ee09462d6
Root Key:	084fa0e02607008ff0e00ee4c29762bf0094a6a188c91de3d21dd8f7a71e5653

Note this is the signature for Stardog 11.0.0, and yours will look different if you’re using a more recent version.