This document explains how to add a pair of signing keys to your Quay Enterprise installation allowing Quay to sign container images after converting them to ACI format.
chmod +x generate-signing-keys.sh
Edit the aci-signing-key-batch.txt configuration, replacing the email address, name, and comment with values appropriate for your site.
Run the generate script, giving the name of an output directory as the argument:
The script will create a pair of files beneath the given directory named
Generating initial keys gpg: Generating a default key gpg: done Generating public signing key Determining private key Exporting private signing key Private key name: CBFB447F Cleaning up Emitted outputdir/signing-private.gpg and outputdir/signing-public.gpg
Take note of the private key's name (example from above:
Visit the Quay superuser panel. Upload the pair of key files, and enter the generated private key name. Save the configuration and restart Quay Enterprise to enable signing of converted ACIs.