Docker Content Trust at the Engine

I’ve enabled content trust via the DOCKER_CONTENT_TRUST=1 env var which enables this for the CLI when I build, tag, and push. If I’m running docker swarms, is there a way to get the engines to only deploy signed images (e.g. if I pass the DOCKER_CONTENT_TRUST on the exec line for service startup on my docker nodes, does this work as expected?).

I want to make sure only signed images run in production.

The CLI can be easily changed to disable content trust. I’m looking for a way to make sure we only deploy signed images to our production env.

I answered my own question:

DOCKER_CONTENT_TRUST=1 is only for the CLI and has no effect for the other docker engines (e.g. setting it on startup won’t preclude an unsigned image from being launched if the CLI variable is not turned on).

After more thought I realize this would be insufficient anyway, as Content Trust is really about a set of repo keys that you must whitelist. That is, you could use a set of public repo keys to indicate “these are the repos we accept signed images from.” You’d then have to have a way of ensuring this when a docker run command was executed. It seems like one would need to fully wrap docker to perform this type of check. For example, the plugin libraries do not seem to handle this type of case (e.g. validate run or create arguments).
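As an added illustration of the allow-list check the answer describes (example code, not from the original thread or from Docker): the function below decides whether a `docker run`/`docker create` wrapper should let an image through, given the JSON that `docker trust inspect <ref>` prints and an allow list of repository root key IDs. The repo name, key IDs and digest in the sample are constructed placeholders, and the JSON shape follows the `docker trust inspect` output as assumed here.

```python
import json
from typing import Tuple

# Constructed sample in the shape of `docker trust inspect` JSON output.
# Repo name, key IDs and digest are placeholders, not real trust data.
SAMPLE_TRUST_JSON = json.dumps([{
    "Name": "registry.example.com/acme/api",
    "SignedTags": [
        {"SignedTag": "1.4.2", "Digest": "0" * 64, "Signers": ["ci-release"]},
    ],
    "Signers": [{"Name": "ci-release", "Keys": [{"ID": "ab12" * 16}]}],
    "AdministrativeKeys": [
        {"Name": "Root", "Keys": [{"ID": "cd34" * 16}]},
        {"Name": "Repository", "Keys": [{"ID": "ef56" * 16}]},
    ],
}])

# Root key IDs of the repositories we accept signed images from
# (constructed to match the sample above).
ALLOWED_ROOT_KEYS = {"cd34" * 16}


def split_ref(image: str) -> Tuple[str, str]:
    """Split 'repo[:tag]' into (repo, tag); a ':' inside a registry host:port
    is not a tag separator. Missing tag defaults to 'latest'."""
    repo, sep, tag = image.rpartition(":")
    if not sep or "/" in tag:
        return image, "latest"
    return repo, tag


def check_image_allowed(image: str, trust_json: str,
                        allowed_root_keys: set) -> Tuple[bool, str]:
    """Return (ok, reason). Allowed only if trust data exists for the repo,
    its root key is on the allow list, and the requested tag is signed.
    The digest in the reason lets a wrapper run repo@sha256:<digest>."""
    repo, tag = split_ref(image)
    entry = next((e for e in json.loads(trust_json) if e.get("Name") == repo), None)
    if entry is None:
        return False, f"no trust data for {repo}"
    root_ids = {k["ID"] for a in entry.get("AdministrativeKeys", [])
                if a.get("Name") == "Root" for k in a.get("Keys", [])}
    if not root_ids & allowed_root_keys:
        return False, f"root key for {repo} is not on the allow list"
    signed = next((t for t in entry.get("SignedTags", [])
                   if t.get("SignedTag") == tag), None)
    if signed is None or not signed.get("Signers"):
        return False, f"tag {tag} of {repo} is not signed"
    return True, f"{image} signed by {', '.join(signed['Signers'])}, digest {signed['Digest']}"
```

In a real wrapper the JSON would come from running `docker trust inspect` on the requested reference, and the wrapper would then start the container by the returned digest rather than by tag.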