Notary v2
Definition
Notary v2 is an open-source project that provides a secure, standardized way to sign and verify container images. It succeeds the original Notary project (the tooling produced by this effort is published as Notation under the CNCF Notary Project) and aims to strengthen the integrity of the container supply chain: an image is signed by a trusted party when it is published, and the signature is verified against a trust policy before the image is deployed. Notary v2 integrates with container registries (signatures are stored alongside the image) and with orchestrators and admission controllers, so that images that are unsigned, signed by an untrusted key, or modified after signing are rejected rather than run.
Secure Settings Example
# Example configuration for a container registry using Notary v2.
# ConfigMap data values must be strings, so the Notary settings are
# carried as a YAML document under the key notary.yaml.
apiVersion: v1
kind: ConfigMap
metadata:
  name: notary-config
data:
  notary.yaml: |
    enabled: true                      # verification is active
    trustPolicy:
      - name: "default"
        trust: "enforce"               # untrusted images are denied, not just logged
        keys:
          - id: "trusted-key-id"
            type: "ecdsa"
            path: "/etc/notary/trusted-key.pem"
    signatures:
      required: true                   # unsigned images are never admitted
Insecure Settings Example
# Example of a misconfigured Notary v2 setup.
# Verification is switched off, the policy only warns instead of enforcing,
# no trusted keys are listed, and unsigned images are accepted.
apiVersion: v1
kind: ConfigMap
metadata:
  name: notary-config
data:
  notary.yaml: |
    enabled: false                     # signatures are never checked
    trustPolicy:
      - name: "default"
        trust: "warn"                  # an untrusted image is logged but still admitted
    signatures:
      required: false                  # unsigned images are admitted
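The following is an added example, not code from the Notary project or from this page's original author. It treats the two configurations above as data and shows (a) a linter that reports each setting that weakens verification and (b) an admission decision that applies the trust policy to an image whose signatures have already been cryptographically checked. The policy keys (enabled, trustPolicy[].trust, trustPolicy[].keys[].id, signatures.required) are those shown on this page; the decision rules, the function names and the signer-id inputs are assumptions made for the example.

```python
"""Added example: lint and apply the trust-policy settings shown on this page.

Assumptions (not from the Notary project): the policy schema is the one on
this page; the caller has already verified signatures cryptographically and
passes in the ids of the keys whose signatures were valid. Only policy
evaluation is modelled here.
"""
from __future__ import annotations

ALLOW, DENY, WARN = "allow", "deny", "warn"

# Constructed copies of the two notary.yaml documents from this page
# (the ConfigMap wrapper is omitted).
SECURE_POLICY = {
    "enabled": True,
    "trustPolicy": [
        {
            "name": "default",
            "trust": "enforce",
            "keys": [
                {"id": "trusted-key-id", "type": "ecdsa",
                 "path": "/etc/notary/trusted-key.pem"}
            ],
        }
    ],
    "signatures": {"required": True},
}

INSECURE_POLICY = {
    "enabled": False,
    "trustPolicy": [{"name": "default", "trust": "warn"}],
    "signatures": {"required": False},
}


def lint_policy(policy: dict) -> list[str]:
    """Return one finding per setting that weakens image verification."""
    findings: list[str] = []
    if not policy.get("enabled", False):
        findings.append("notary.enabled is false: signatures are never checked")
    if not policy.get("signatures", {}).get("required", False):
        findings.append("signatures.required is false: unsigned images are admitted")
    for tp in policy.get("trustPolicy", []):
        name = tp.get("name", "<unnamed>")
        if tp.get("trust") != "enforce":
            findings.append(
                f"trustPolicy {name!r}: trust={tp.get('trust')!r}; "
                "only 'enforce' blocks untrusted images"
            )
        if not tp.get("keys"):
            findings.append(
                f"trustPolicy {name!r}: no trusted keys, so no signature can verify"
            )
    return findings


def admit(policy: dict, valid_signer_ids: list[str]) -> str:
    """Decide ALLOW / WARN / DENY for an image under the given policy.

    valid_signer_ids holds the ids of keys whose signatures over the image
    verified; an unsigned image passes an empty list.
    """
    if not policy.get("enabled", False):
        return ALLOW  # verification disabled: everything is admitted
    trusted = {
        k["id"]
        for tp in policy.get("trustPolicy", [])
        for k in tp.get("keys", [])
    }
    if any(s in trusted for s in valid_signer_ids):
        return ALLOW  # signed by a key the policy trusts
    unsigned = not valid_signer_ids
    if unsigned and not policy.get("signatures", {}).get("required", False):
        return ALLOW  # unsigned, but signatures are optional under this policy
    modes = {tp.get("trust") for tp in policy.get("trustPolicy", [])}
    if "enforce" in modes:
        return DENY   # untrusted or unsigned image under an enforcing policy
    return WARN if "warn" in modes else ALLOW


if __name__ == "__main__":
    for label, policy in (("secure", SECURE_POLICY), ("insecure", INSECURE_POLICY)):
        print(f"{label}: findings={lint_policy(policy)}")
        for signers in ([], ["unknown-key"], ["trusted-key-id"]):
            print(f"  signers={signers!r} -> {admit(policy, signers)}")
```

Running the block prints no findings for the secure policy and four for the insecure one; under the secure policy only the image signed by "trusted-key-id" is allowed, while under the insecure policy every image is allowed because verification is disabled entirely.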