Looking to provide IT operations teams with greater confidence in Docker security, Docker the company today unveiled a mechanism that promises to make it simpler for developers to attach digital signatures to Docker images.
Available now, Docker Content Trust builds on Notary and The Update Framework (TUF), frameworks designed to securely distribute content and software updates. With Content Trust enabled, core Docker commands such as “push,” “pull,” “build,” “create,” and “run” operate only on images that carry either a content signature or an explicit content hash.
Docker security has been one of the most frequently cited barriers to adoption of the popular system for packaging software applications into Linux containers so that they can be deployed easily on any type of infrastructure.
Diogo Mónica, Docker security lead, said the trust is specifically designed to be both simple to implement and difficult to compromise.
“We think we went above and beyond on this,” said Mónica. “We’ve made an effort to leapfrog everything that is out there.”
Specifically, Docker Content Trust uses two distinct keys: an Offline (root) key and a Tagging (per-repository) key, both generated and stored client-side. Each repository has its own unique tagging key, which is used whenever content is added to or removed from that repository. Because the tagging key is kept online, Docker acknowledges that it is vulnerable to compromise. With Docker Content Trust, a developer can securely rotate a compromised tagging key using the offline key, which ideally is stored securely offline.
In addition, Content Trust can generate a Timestamp key that protects against replay attacks, in which someone serves signed but expired content. The Timestamp key ensures that any content older than two weeks is not served unless a new set of keys is generated, Mónica said.
By making digital signatures simple to generate, Mónica said, Docker is aiming for ubiquitous adoption of signing as a means of making Docker images more secure than any other vehicle for delivering software. From an IT operations perspective, Docker Content Trust gives IT organizations a way to easily validate which Docker images actually get deployed in a production environment.
Whether that capability results in broader adoption of Docker containers and images in production environments naturally remains to be seen. But one thing is certain: anything that reduces the burden of securing production applications in the enterprise is likely to be well received by internal IT operations teams, which are generally held more accountable for security than developers are.