Sign sourcegraph/server docker images
View options
Created by: KattMingMing
Users / companies may only want/have permission to run signed docker images. Our images are currently unsigned which isn't a major issue for most users since content trust is disabled by default. Users can enable it via DOCKER_CONTENT_TRUST=1.
Signing images could be done in a similar way to Mongo. latest is unsigned, but tagged releases are signed.
See Docker documentation for more details on content trust: https://docs.docker.com/engine/security/trust/content_trust/