Sign images

Mirantis Secure Registry (MSR) supports two image-signing mechanisms. Cosign is the current recommended approach, while Docker Content Trust (DCT) is deprecated.

Mechanism

Status

Recommended use

Cosign

Recommended

All new and existing signing workflows on MSR 2.10.

Docker Content Trust

Deprecated

MSR 2.9 environments with existing DCT signatures that have not yet migrated to Cosign.