summaryrefslogtreecommitdiff
path: root/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_signer_remove%2Findex.html
blob: 79cda9633536f9aec49607a306dec8d24100b501 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

<h1>docker trust signer remove</h1>  <p><br></p> <p>Remove a signer</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer remove [OPTIONS] NAME REPOSITORY [REPOSITORY...]
</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description"><code class="language-plaintext highlighter-rouge">docker trust signer remove</code> removes signers from signed repositories.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td>
<code class="language-plaintext highlighter-rouge">--force</code> , <code class="language-plaintext highlighter-rouge">-f</code>
</td> <td></td> <td>Do not prompt for confirmation before removing the most recent signer</td> </tr>  </tbody> </table>  <h2 id="examples">Examples</h2> <h3 id="remove-a-signer-from-a-repo">Remove a signer from a repo</h3> <p>To remove an existing signer, <code class="language-plaintext highlighter-rouge">alice</code>, from this repository:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo

No signatures for example/trust-demo


List of signers and their keys:

SIGNER              KEYS
alice               05e87edcaecb
bob                 5600f5ab76a2

Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
</pre></div> <p>Remove <code class="language-plaintext highlighter-rouge">alice</code> with <code class="language-plaintext highlighter-rouge">docker trust signer remove</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer remove alice example/trust-demo

Removing signer "alice" from image example/trust-demo...
Enter passphrase for repository key with ID 642692c:
Successfully removed alice from example/trust-demo
</pre></div> <p><code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> now does not list <code class="language-plaintext highlighter-rouge">alice</code> as a valid signer:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo

No signatures for example/trust-demo


List of signers and their keys:

SIGNER              KEYS
bob                 5600f5ab76a2

Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
</pre></div> <h3 id="remove-a-signer-from-multiple-repos">Remove a signer from multiple repos</h3> <p>To remove an existing signer, <code class="language-plaintext highlighter-rouge">alice</code>, from multiple repositories:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo

SIGNED TAG          DIGEST                                                             SIGNERS
v1                  74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4   alice, bob

List of signers and their keys:

SIGNER              KEYS
alice               05e87edcaecb
bob                 5600f5ab76a2

Administrative keys for example/trust-demo:
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo2

SIGNED TAG          DIGEST                                                             SIGNERS
v1                  74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4   alice, bob

List of signers and their keys:

SIGNER              KEYS
alice               05e87edcaecb
bob                 5600f5ab76a2

Administrative keys for example/trust-demo2:
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
</pre></div> <p>Remove <code class="language-plaintext highlighter-rouge">alice</code> from both images with a single <code class="language-plaintext highlighter-rouge">docker trust signer remove</code> command:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer remove alice example/trust-demo example/trust-demo2

Removing signer "alice" from image example/trust-demo...
Enter passphrase for repository key with ID 95b9e55:
Successfully removed alice from example/trust-demo

Removing signer "alice" from image example/trust-demo2...
Enter passphrase for repository key with ID ece554f:
Successfully removed alice from example/trust-demo2
</pre></div> <p>Run <code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> to confirm that <code class="language-plaintext highlighter-rouge">alice</code> is no longer listed as a valid signer of either <code class="language-plaintext highlighter-rouge">example/trust-demo</code> or <code class="language-plaintext highlighter-rouge">example/trust-demo2</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo

SIGNED TAG          DIGEST                                                             SIGNERS
v1                  74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4   bob

List of signers and their keys:

SIGNER              KEYS
bob                 5600f5ab76a2

Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
</pre></div> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo2

SIGNED TAG          DIGEST                                                             SIGNERS
v1                  74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4   bob

List of signers and their keys:

SIGNER              KEYS
bob                 5600f5ab76a2

Administrative keys for example/trust-demo2:
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
</pre></div> <p><code class="language-plaintext highlighter-rouge">docker trust signer remove</code> removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust signer remove alice example/unauthorized example/authorized

Removing signer "alice" from image example/unauthorized...
No signer alice for image example/unauthorized

Removing signer "alice" from image example/authorized...
Enter passphrase for repository key with ID c6772a0:
Successfully removed alice from example/authorized

Error removing signer from: example/unauthorized
</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust_signer/index">docker trust signer</a></td> <td style="text-align: left">Manage entities who can sign Docker images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_signer_add/index">docker trust signer add</a></td> <td>Add a signer</td> </tr> <tr> <td><a href="index">docker trust signer remove</a></td> <td>Remove a signer</td> </tr> </tbody> </table> <div class="_attribution">
  <p class="_attribution-p">
    &copy; 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br>
    <a href="https://docs.docker.com/engine/reference/commandline/trust_signer_remove/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_signer_remove/</a>
  </p>
</div>
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-27 20:51:20 +0000