Docker Community Forums

Share and learn in the Docker community.

UCP 2.0.1 with DTR: Error creating container: required at least one valid signer, none found


Hi there

I cannot get any trusted images deployed to my UCP cluster when I require content trust. I have set Content Trust in UCP to allow any valid UCP user.

On the DTR server I have created a new repository, under the username “james”. There is a user account called “james” on the UCP cluster that I am also using.

I have installed the notary client and configured it with the UCP bundle. I have then run:

notary init -p

(quru is an Organization on the DTR server, and james is a member of the quru organization)

And set up passwords for the relevant keys. Where I was asked to log in, I provided the “james” user account details for DTR, which were accepted.

I then perform a “docker login” with the user account “james”.


And finally: docker push

The image is successfully signed, and appears in DTR as signed. I can manually deploy the image to any of my docker worker nodes using:

docker pull

This works fine.

However if I try and use this image in a simple docker-compose from the UCP interface, I am met with the error:

Error creating container: required at least one valid signer, none found

What does UCP consider as a valid signer, and what am I doing wrong here? This is frustratingly close to working!


Hi James,

As per the docs (, did you create the necessary delegations for the repository?

I have tried a simple test case of an admin user of DDC that have created a repository and has signed some tags using delegation signing and I always got an error when I run/pull/create service on docker datacenter 2.0. I have attached my test case:
test_signing_jsoler.pdf (1.1 MB)

Could you help me find out where is my mistake ?


Well support team help me to find out the solution