I've enabled content trust via the DOCKER_CONTENT_TRUST=1 env var which enables this for the CLI when I build, tag, and push. If I'm running docker swarms, is there a way to get the engines to only deploy signed images (e.g. if I pass the DOCKER_CONTENT_TRUST on the exec line for service startup on my docker nodes, does this work as expected?).
I want to make sure only signed images run in production.
The CLI can be easily changed to disable content trust. I'm looking for a way to make sure we only deploy signed images to our production env.