image-verifier-plugins
Settings for configuring image verifier plugins (
settings.image-verifier-plugins.*)Note: These settings are only available on aws-ecs-3 variants.
Setting list for settings.image-verifier-plugins
settings.image-verifier-plugins.enabledsettings.image-verifier-plugins.notationsettings.image-verifier-plugins.notation.trustpolicy
Full Reference
settings.image-verifier-plugins.enabled
Controls whether image verifier plugins are enabled. When enabled, container images will be verified using the configured plugins before being allowed to run.
Default: false
truefalse
# Enable image verifier plugins
[settings.image-verifier-plugins]
enabled = trueEnable image verifier plugins
apiclient set settings.image-verifier-plugins.enabled=truesettings.image-verifier-plugins.notation
Configuration for Notation-based image verification.
settings.image-verifier-plugins.notation.trustpolicy
Base64 encoded trustpolicy.json file for Notation verification. The trust policy defines which identities are trusted to sign container images and the verification requirements.
Accepted values:- Base64 encoded JSON string
# Base64 encoded empty trust policy
[settings.image-verifier-plugins]
notation-trustpolicy = "ewogICJ2ZXJzaW9uIjogIjEuMCIsCiAgInRydXN0UG9saWNpZXMiOiBbXQp9"Base64 encoded empty trust policy
apiclient set settings.image-verifier-plugins.notation.trustpolicy="ewogICJ2ZXJzaW9uIjogIjEuMCIsCiAgInRydXN0UG9saWNpZXMiOiBbXQp9"