cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon docker

docker trust key generate

Open danashviro opened this issue 5 years ago • 2 comments

  • [x] I have tried with the latest version of my channel (Stable or Edge)
  • [x] I have uploaded Diagnostics
  • Diagnostics ID: 8C89258C-657E-4040-B83B-AEA7A515D88A/20200629133505

I'm trying to generate trust key, in order to use Content trust for my images. I used this manual https://docs.docker.com/engine/security/trust/trust_delegation/#using-docker-trust-to-generate-keys on cmd: docker trust key generate {new key name} I'm getting Generating key for {new key name}... Enter passphrase for new {new key name} key with ID {id}:

I enters a passphrase (random string) and nothing happens

Expected behavior

after inserting a passphrase and pressing enter, Repeat passphrase for new {new key name} key with ID {id}: should appear

Actual behavior

nothing happens

Information

  • Windows Version: Windows 19 Enterprise 1909
  • Docker Desktop Version: 19.03.8, build afacb8b
  • Are you running inside a virtualized Windows e.g. on a cloud server or on a mac VM: no

Steps to reproduce the behavior

  1. docker trust key generate {new key name}
  2. enter a passphrase

danashviro avatar Jun 30 '20 14:06 danashviro

Hey, ive ran into the same problem, and i was wondering if youve been able to solve it somehow. Is there a way to install older versions of docker maybe?

gsus-gutierrez avatar Sep 22 '20 16:09 gsus-gutierrez

It happens on Windows machines for me as well, both using bash and powershell, with docker 19.03.12. On Linux and Mac it works fine. The only workaround I found is to set environment variables containing the passwords before calling docker trust key generate. It works well in scripts and automated processes, but clearly the behaviour should be fixed for windows. Example:

export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="some_long_key"
docker trust key generate devops

For the root passphrase, you need to export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE beforehand. Here some more info: https://docs.docker.com/engine/security/trust/trust_automation/ Also, the snapshot, targets and default passphrases will default to the DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE one (https://github.com/docker/cli/blob/ae1618713f83e7da07317d579d0675f578de22fa/cli/trust/trust.go).

krufab avatar Oct 12 '20 08:10 krufab