Docker Content Trust (DCT)

Code integrity is extremely important, especially if you are running a cryptocurrency exchange.
Since HollaEx Kit is an open-source project, you can verify the code at any time by going to Github, but sometimes it's not enough. Internet is a wild jungle and you can't always trust what you download is what you intended to get.
Docker Content Trust is the savior in this context. It helps you to verify the image integrity. It has digital signatures signed by the issuers. By checking it, you can verify that the image is provided by the trustable issuers and that it has not been corrupted or tampered with.
Here's the way how you can check the image signature to check the image integrity
# To verify the Docker Image Registry's Integrity
docker trust inspect --pretty hollaex/hollaex-kit
Signatures for hollaex/hollaex-kit
SIGNED TAG DIGEST SIGNERS
2.6.0 646cfb4025a0c1bd9aa7f83b9caa3821f927320e7ab646edc091f7d1e6874099 kycfeel
2.6.1 852cc61067627f00b9b4b1873e9eb95968509e588fb6bf003a81e7fbc207e059 kycfeel
2.6.2 4d0ef0b68ba8c91c710e508090f16cf09fa629561bd7f89c3b2ba48aa87d2efa kycfeel
2.6.4 1d5ab0d9a625568f6c85fdba340ab9c5b95df6c93ecffd0b280154b7f6795923 bitholla-cicd
2.6.4-testnet-9f10d6c 4d7fbbf53c225aed9ea80f7f75d6c3d8e3cd30272409465907d675b99b6eda2f bitholla-cicd
2.6.5 823389853904a5ad3eac54c160307c3e278334d1747521be85901147ac0ef8c7 bitholla-cicd
2.6.5-testnet-8eaa2e6 5cbe291c226380e456df5c747ef2fc0ab0a3701abcb25e971f6a50c4784528d0 bitholla-cicd
2.6.5-testnet-35f20e3 978dc0a71d18abb734621bb2b1a8cf0efc31233f01736eaaa2a5d61ebf6a4db1 bitholla-cicd
2.6.5-testnet-845193c aa614edf4865a7bd101da9022b22220b6f4c6c7bea231cf844d9f4b1a0f94074 bitholla-cicd
2.6.6 c4d328852f6a5ef863a51ee565e50ff07902aafef241fa9df34a0efa28fa5c78 bitholla-cicd
2.6.6-testnet-33a79b5 1043084f699fd27d21e0cbe4af0782962833521b868ab82e9522964c5fa99552 bitholla-cicd
2.6.6-testnet-ac5b38a 7e0e2312cf453625fadb8ee490672db69044668a2b036a492014eeb71c6cce34 bitholla-cicd
2.7.0-testnet-2fbd466 68d9d42f11f6850fbdd8a369a97486f3ad1a8d04a1dea7f78e46784dc3f0563b bitholla-cicd
2.7.0-testnet-4ec79cc 69bd951957716d08a67f2adf954f4176273ae55eb08b40b5804a4e5354b3cc8d bitholla-cicd
2.7.0-testnet-70d9b05 e35beab2873a3eb23d915170f7323711019e1019f6ad78f124cf654638733dde bitholla-cicd
2.7.0-testnet-19001b5 71940d2d4678fc82a7ecfbe273c24df8e236a7c96bbe8a7684b24af450f3c47f bitholla-cicd
2.7.0-testnet-26793e3 e2002f772014ff7b8f68f85576441b9081544129e015da464f2007c2912ea40c bitholla-cicd
2.7.0-testnet-86884d5 b30a943229c359905a9873a735c83f278b86934877f83ae5895d741865d75663 bitholla-cicd
2.7.0-testnet-0301326 3e10a277e1ecbee6e348fe3ab5621c6d5bc99a98cafbc646a57102c1fd467183 bitholla-cicd
2.7.0-testnet-581684f dae03bfdb787d8cc544f06fda24b3a73be620bfebbd86fb4f0f08d75fc8d6e78 bitholla-cicd
2.7.0-testnet-aba85bb 40eb2f5e384187290d8e402180c809f5711241e84427d37ded08db061a362d6b bitholla-cicd
2.7.0-testnet-b054fab acbd85285bef78e1c87620a9c9b857b6d7c5ee3d5e7f1b2038fa384c4c338d86 bitholla-cicd
2.7.0-testnet-bbec3a1 c51088169963f57c8325b82823d6ae6d6c9a15b3cf6cd92bda1d156bda31409a bitholla-cicd
2.7.0-testnet-e7af264 33111e569fccc276da2d54cce2e184c83b658a1b669b32ef41527ff389309404 bitholla-cicd
List of signers and their keys for hollaex/hollaex-kit
SIGNER KEYS
bitholla-cicd 2aa7f2853b76, 88ce8696c017, e5d3558d7565
kycfeel 1174213aeba1
Administrative keys for hollaex/hollaex-kit
Repository Key: bc606a961f2aea3a06d9af261ed57f9dfb57a35731535a180fe2b198356d4e93
Root Key: cfca4876cdd17155f797a1b5db695b9ea6c0de652359919ac421da1a42aa3c54
# To verity the integrity of a specific image
docker trust inspect --pretty hollaex/hollaex-kit:2.6.6
Signatures for hollaex/hollaex-kit:2.6.6
SIGNED TAG DIGEST SIGNERS
2.6.6 c4d328852f6a5ef863a51ee565e50ff07902aafef241fa9df34a0efa28fa5c78 bitholla-cicd
List of signers and their keys for hollaex/hollaex-kit:2.6.6
SIGNER KEYS
bitholla-cicd 2aa7f2853b76, 88ce8696c017, e5d3558d7565
kycfeel 1174213aeba1
Administrative keys for hollaex/hollaex-kit:2.6.6
Repository Key: bc606a961f2aea3a06d9af261ed57f9dfb57a35731535a180fe2b198356d4e93
Root Key: cfca4876cdd17155f797a1b5db695b9ea6c0de652359919ac421da1a42aa3c54
In order to enforce pulling ONLY the DCT signed images for extra security you can set the following command for docker:
export DOCKER_CONTENT_TRUST=1
Last modified 2mo ago