ACR Content Trust
Definition
Azure Container Registry (ACR) Content Trust is a security feature that ensures the integrity and authenticity of container images by enabling image signing and verification. It uses Docker Content Trust (DCT) to sign images with a private key and verify them with a public key, ensuring that only trusted images are deployed. This mechanism helps prevent the execution of tampered or unauthorized images in production environments.
Secure Settings Example
# Enable content trust for Docker CLI
export DOCKER_CONTENT_TRUST=1
# Example command to sign an image before pushing to ACR
docker trust sign myregistry.azurecr.io/myimage:latest
Insecure Settings Example
# Content trust is not enabled, allowing unsigned images to be pushed and pulled
export DOCKER_CONTENT_TRUST=0
# Pushing an image without signing
docker push myregistry.azurecr.io/myimage:latest
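The two settings above differ only in an environment variable, so a pipeline cannot rely on the variable alone: a stage that forgot to export it would push and deploy unsigned images without any error. The following shell snippet is an added example, not part of the original page, showing a deployment gate that checks both that content trust is switched on for the caller and that the tag actually carries a signature, by inspecting the JSON that `docker trust inspect <image>` prints. The JSON used here is constructed to resemble that output, and the registry and image names are placeholders carried over from the examples above.

```shell
# Added example (not from the original page): refuse to deploy an image tag unless
# DOCKER_CONTENT_TRUST is enforced and `docker trust inspect` records a signature
# for that tag. The JSON below is constructed sample data, not real registry output.

# Constructed: what `docker trust inspect myregistry.azurecr.io/myimage` would
# return when tag "latest" is signed by a signer named "release".
SIGNED_JSON='[{"Name":"myregistry.azurecr.io/myimage","SignedTags":[{"SignedTag":"latest","Digest":"0123abcd","Signers":["release"]}],"Signers":[{"Name":"release","Keys":[{"ID":"deadbeef"}]}]}]'

# Constructed: the same image after an unsigned push (the insecure example above).
UNSIGNED_JSON='[{"Name":"myregistry.azurecr.io/myimage","SignedTags":[]}]'

# content_trust_enabled: succeed only when DOCKER_CONTENT_TRUST is exactly "1".
content_trust_enabled() {
  [ "${DOCKER_CONTENT_TRUST:-0}" = "1" ]
}

# tag_is_signed TAG JSON: succeed when TAG appears as a SignedTag entry in JSON.
# Whitespace is stripped first because `docker trust inspect` pretty-prints its
# JSON; the match is literal (-F) so tags like "v1.0" are not treated as regexes.
tag_is_signed() {
  _tag=$1
  printf '%s' "$2" | tr -d ' \n\t' | grep -qF "\"SignedTag\":\"${_tag}\""
}

# gate IMAGE TAG JSON: run both checks and report the first failure.
# In a real pipeline JSON would be produced by: docker trust inspect "$IMAGE"
gate() {
  _image=$1; _tag=$2; _json=$3
  if ! content_trust_enabled; then
    echo "refusing $_image:$_tag: DOCKER_CONTENT_TRUST is not set to 1" >&2
    return 1
  fi
  if ! tag_is_signed "$_tag" "$_json"; then
    echo "refusing $_image:$_tag: no signature recorded for this tag" >&2
    return 1
  fi
  echo "ok: $_image:$_tag is signed and content trust is enforced"
}

# Demonstration on the constructed data (subshells keep the variable scoped).
( DOCKER_CONTENT_TRUST=1; gate myregistry.azurecr.io/myimage latest "$SIGNED_JSON" )   || true  # passes
( DOCKER_CONTENT_TRUST=1; gate myregistry.azurecr.io/myimage latest "$UNSIGNED_JSON" ) || true  # refused
( DOCKER_CONTENT_TRUST=0; gate myregistry.azurecr.io/myimage latest "$SIGNED_JSON" )   || true  # refused
```

Running the gate as a required CI step means an unsigned push like the insecure example above is caught before deployment rather than silently accepted.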