当前位置: 首页 > 文档资料 > Yubikey 使用手册 >

Docker 内容信任 - 运行 Notary 服务

优质
小牛编辑
126浏览
2023-12-01

Running Notary services

In an organization, a internal Notary HA deployment is expected to be available in order for Docker Content Trust to be usable. Hence, this topic assumes familiarity with the Notary service architecture.

Notary ships with support for multiple storage backends. Choose one appropriate to your infrastructure and team.

Both notary-server and notary-signer should be behind a load balancer. The public facing entry is notary-server and only serves public data. The notary-signer stores the timestamp keys online - it can be compared to an HSM.

The content publisher owns the client side key and is the one responsible for publishing new content.