tessl/pypi-python-on-whales

A Docker client for Python, designed to be fun and intuitive!


Trust Management

Docker Content Trust for image signing and verification. This component is intended to provide cryptographic signing of Docker images to ensure authenticity and integrity, but the implementation is currently a work in progress.

Note: The Trust functionality is currently not implemented in python-on-whales. The methods exist as placeholders for future development.

Capabilities

Trust Inspection

Inspect trust metadata for signed images.

def inspect() -> None:
    """
    Inspect trust metadata for images.
    
    Note: This method is not yet implemented.
    """

Trust Revocation

Revoke trust signatures for images.

def revoke() -> None:
    """
    Revoke trust signatures for images.
    
    Note: This method is not yet implemented.
    """

Trust Signing

Sign Docker images with cryptographic signatures.

def sign() -> None:
    """
    Sign Docker images for content trust.
    
    Note: This method is not yet implemented.
    """

Future Usage Examples:

When implemented, Docker Content Trust operations would work like this:

from python_on_whales import docker

# These examples show planned functionality - not currently working

# Sign an image (future functionality)
# docker.trust.sign("myregistry.com/myapp:v1.0.0")

# Inspect trust information (future functionality)  
# trust_info = docker.trust.inspect("myregistry.com/myapp:v1.0.0")
# print(f"Signers: {trust_info.signers}")
# print(f"Valid signatures: {trust_info.valid}")

# Revoke a signature (future functionality)
# docker.trust.revoke("myregistry.com/myapp:v1.0.0", key="release-key")

# Content trust is typically configured via environment variables:
# export DOCKER_CONTENT_TRUST=1
# export DOCKER_CONTENT_TRUST_SERVER=https://notary.example.com

Implementation Status

The Trust component is currently a placeholder in python-on-whales. Docker Content Trust functionality would provide:

  • Image Signing: Cryptographically sign images using private keys
  • Signature Verification: Verify image signatures before pulling/running
  • Key Management: Manage signing keys and trust relationships
  • Notary Integration: Work with Docker Notary servers for distributed trust
  • Policy Enforcement: Configure trust policies for registries and repositories

When implemented, this would enable secure supply chain workflows where only signed images from trusted publishers can be deployed in production environments.

Types

# Future types when trust functionality is implemented

# Postponed annotation evaluation lets TrustData refer to classes defined below it
from __future__ import annotations

from typing import List

class TrustData:
    repository: str
    signed_tags: List[SignedTag]
    signers: List[Signer]
    administrative_keys: List[Key]

class SignedTag:
    signed_tag: str
    digest: str
    signers: List[str]

class Signer:
    name: str
    keys: List[Key]

class Key:
    id: str
    role: str
    key_type: str
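
The policy-enforcement idea described under Implementation Status, as an added example (not python-on-whales code, which has no trust implementation): it reads JSON assumed to follow the shape of `docker trust inspect` output and returns a digest-pinned reference only when the tag carries a signature from a required signer. `SAMPLE`, `parse_signed_tags`, `pinned_reference` and the signer names are hypothetical, and all sample values are constructed.

```python
import json
from dataclasses import dataclass
from typing import List

# Constructed sample; the JSON shape is assumed to follow `docker trust inspect`.
SAMPLE = json.dumps([{
    "Name": "myregistry.com/myapp",
    "SignedTags": [
        {"SignedTag": "v1.0.0", "Digest": "a" * 64, "Signers": ["release"]},
        {"SignedTag": "dev", "Digest": "b" * 64, "Signers": ["alice"]},
    ],
    "Signers": [{"Name": "release", "Keys": [{"ID": "c" * 64}]},
                {"Name": "alice", "Keys": [{"ID": "d" * 64}]}],
    "AdministrativeKeys": [{"Name": "Root", "Keys": [{"ID": "e" * 64}]}],
}])


@dataclass
class SignedTag:  # same fields as the SignedTag type sketched on this page
    signed_tag: str
    digest: str
    signers: List[str]


def parse_signed_tags(raw: str, repository: str) -> List[SignedTag]:
    """Return the signed tags recorded for `repository`, or [] if it has none."""
    for entry in json.loads(raw):
        if entry.get("Name") == repository:
            return [SignedTag(t["SignedTag"], t["Digest"], list(t.get("Signers") or []))
                    for t in entry.get("SignedTags") or []]
    return []


def pinned_reference(raw: str, repository: str, tag: str, required_signer: str) -> str:
    """Return repo@sha256:<digest> only if `tag` is signed by `required_signer`."""
    for st in parse_signed_tags(raw, repository):
        if st.signed_tag != tag:
            continue
        if required_signer not in st.signers:
            raise PermissionError(f"{repository}:{tag} is not signed by {required_signer!r}")
        if len(st.digest) != 64 or set(st.digest) - set("0123456789abcdef"):
            raise ValueError(f"malformed digest for {repository}:{tag}")
        # Deploy by digest so a later tag move cannot swap the content.
        return f"{repository}@sha256:{st.digest}"
    raise PermissionError(f"{repository}:{tag} has no signed tag entry")
```

An unsigned tag and a tag signed only by an unexpected signer both fail closed with `PermissionError`, so a deployment script can treat any exception as "do not deploy".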

Install with Tessl CLI

npx tessl i tessl/pypi-python-on-whales
