From d09da26f06f36d0ac9616e9b9113b267bc593b70 Mon Sep 17 00:00:00 2001 From: Chris Swan Date: Thu, 17 Sep 2015 07:23:12 +0100 Subject: [PATCH] Clarify when keys are created and fix missing of Signed-off-by: Chris Swan Conflicts: docs/security/trust/content_trust.md --- docs/security/trust/content_trust.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/security/trust/content_trust.md b/docs/security/trust/content_trust.md index 270ac59d02..8c6766e4be 100644 --- a/docs/security/trust/content_trust.md +++ b/docs/security/trust/content_trust.md @@ -104,8 +104,9 @@ content hash always succeeds as long as the hash exists: $ docker pull someimage@sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a ``` -Trust for an image tag is managed through the use of signing keys. Docker's content -trust makes use four different keys: +Trust for an image tag is managed through the use of signing keys. A key set is +created when an operation using content trust is first invoked. Docker's content +trust makes use of four different keys: | Key | Description | |---------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------| @@ -131,7 +132,7 @@ The following image depicts the various signing keys and their relationships: You should backup the offline key somewhere safe. Given that it is only required to create new repositories, it is a good idea to store it offline. Make sure you read [Manage keys for content trust](/security/trust/trust_key_mng) information -for details on creating, securing, and backing up your keys. +for details on securing, and backing up your keys. ## Survey of typical content trust operations