skopeo-standalone-sign - Debugging tool - Publish and sign an image in one step.
skopeo standalone-sign [
options]
manifest
docker-reference key-fingerprint --output|
-o
signature
This is primarily a debugging tool, useful for special cases, and usually should
not be a part of your normal operational workflow; use
skopeo copy
--sign-by instead to publish and sign an image in one step.
manifest Path to a file containing the image manifest
docker-reference A docker reference to identify the image with
key-fingerprint Key identity to use for signing
--help,
-h
Print usage statement
--output,
-o output file
Write signature to
output file.
--passphrase-file=
path
The passphare to use when signing with the key ID from
--sign-by. Only
the first line will be read. A passphrase stored in a file is of questionable
security if other users can read this file. Do not use this option if at all
avoidable.
$ skopeo standalone-sign busybox-manifest.json registry.example.com/example/busybox 1D8230F6CDB6A06716E414C1DB72F2188BB46CC8 --output busybox.signature
$
This command is intended for use with local signatures e.g. OpenPGP ( other
signature formats may be added in the future ), as per
containers-signature(5). Furthermore, this command does
not interact
with the artifacts generated by Docker Content Trust (DCT). For more
information, please see
containers-signature(5)
⟨
https://github.com/containers/image/blob/main/docs/containers-signature.5.md⟩.
skopeo(1),
skopeo-copy(1),
containers-signature(5)
Antonio Murdaca
[email protected] ⟨mailto:
[email protected]⟩,
Miloslav Trmac
[email protected] ⟨mailto:
[email protected]⟩, Jhon
Honce
[email protected] ⟨mailto:
[email protected]⟩