5.1.1 Enabling or Disabling Docker Content Trust

Content Trust allows you to verify the authenticity, integrity, and publication date of Docker images that are made available on the Docker Hub Registry.

By default, Content Trust is disabled. To enable Content Trust for signing and verifying Docker images that you build, push to, or pull from the Docker Hub, set the DOCKER_CONTENT_TRUST environment variable, for example:

# export DOCKER_CONTENT_TRUST=1

If you use sudo to run Docker commands, specify the -E option to preserve the environment or use visudo to add the following line to /etc/sudoers:

Defaults        env_keep += "DOCKER_CONTENT_TRUST"

For individual docker build, docker push, or docker pull commands, you can specify --disable-content-trust=false to enable Content Trust or --disable-content-trust=true to disable it for that command.
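
The following script is an added example, not part of the original documentation. It models how the environment variable, sudo, and the per-command option described above combine for one command. The function names and the sample sudoers files are hypothetical, and the script assumes that sudo resets the environment unless -E or an env_keep entry applies.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# Succeeds if FILE has an active (uncommented) Defaults env_keep entry
# that names DOCKER_CONTENT_TRUST.
sudoers_keeps_trust() {
    grep -Eq '^[[:space:]]*Defaults[[:space:]]+env_keep[[:space:]]*\+?=(.*[" ])?DOCKER_CONTENT_TRUST(["[:space:]]|$)' "$1"
}

# effective_trust VALUE SUDO_MODE SUDOERS_FILE [DOCKER_OPTION]
#   VALUE      DOCKER_CONTENT_TRUST in the calling shell ("" if unset)
#   SUDO_MODE  none (no sudo), plain (sudo), preserve (sudo -E)
# Prints "enabled" or "disabled" for one docker build/push/pull command.
effective_trust() {
    value=$1; sudo_mode=$2; sudoers=$3; option=${4:-}
    # A per-command option decides the outcome regardless of the environment.
    case $option in
        --disable-content-trust=false) echo enabled; return 0 ;;
        --disable-content-trust=true)  echo disabled; return 0 ;;
    esac
    # Assumption: sudo resets the environment, so without -E or an env_keep
    # entry the variable never reaches the docker client.
    if [ "$sudo_mode" = plain ] && ! sudoers_keeps_trust "$sudoers"; then
        value=
    fi
    # Conservative assumption: only the value 1 shown above counts as enabled.
    if [ "$value" = 1 ]; then echo enabled; else echo disabled; fi
}

# Constructed sudoers samples: one with the env_keep line, one with it commented out.
KEEP=$(mktemp); NOKEEP=$(mktemp)
trap 'rm -f "$KEEP" "$NOKEEP"' EXIT
printf 'Defaults        env_keep += "DOCKER_CONTENT_TRUST"\n' > "$KEEP"
printf '# Defaults        env_keep += "DOCKER_CONTENT_TRUST"\n' > "$NOKEEP"

echo "sudo, no env_keep:   $(effective_trust 1 plain "$NOKEEP")"
echo "sudo, env_keep set:  $(effective_trust 1 plain "$KEEP")"
echo "sudo -E:             $(effective_trust 1 preserve "$NOKEEP")"
echo "unset, option=false: $(effective_trust '' none "$NOKEEP" --disable-content-trust=false)"
```

To audit a real host, pass /etc/sudoers as the third argument; files included from /etc/sudoers.d are not followed by this script.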

For more information, see https://blog.docker.com/2015/08/content-trust-docker-1-8/ and https://docs.docker.com/engine/security/trust/content_trust/.