Signing Docker Images with OpenPubKey

Issue: signing docker images.
OS: Container running Linux in a CircleCI or GitHub Actions pipeline.
App Version: Any.
Steps to reproduce: No steps currently.

After reading this article, “Signing Docker Official Images Using OpenPubkey”, I’ve been looking into using OpenPubKey to sign my Docker images with registries that are hosted on Docker Hub.

I understand that this is all new and not everything may be working right now. However, I’d like to get a jump on this process, or at least know where it currently is so that I can stay informed.

I’ve never signed an image before. Do I just use the current DCT process with an external key, that being the PK Token I get back from the OpenIDC provider?