Hands-On Kubernetes on Windows

Enabling DCT for the client

To enforce DCT when using the Docker CLI for push, build, create, pull, and run, set the DOCKER_CONTENT_TRUST environment variable to 1. DCT is disabled by default for the Docker client. Follow these steps:

  1. Set the DOCKER_CONTENT_TRUST environment variable in the current PowerShell session:

     $env:DOCKER_CONTENT_TRUST=1

  2. Run a new container using the signed image that we just created:

     docker run -d --rm docker.io/packtpubkubernetesonwindows/iis-demo:1.0.1

  3. You will notice that the container starts without any problem. Now, try creating a new container using the latest tag, which was not signed:

     PS C:\src> docker run -d --rm docker.io/packtpubkubernetesonwindows/iis-demo:latest
     C:\Program Files\Docker\Docker\Resources\bin\docker.exe: No valid trust data for latest.
     See 'C:\Program Files\Docker\Docker\Resources\bin\docker.exe run --help'.

This short scenario shows how DCT can be used to ensure the integrity and source of the image that's used for container creation.
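
Before turning enforcement on, it helps to know which tags the client would reject. The PowerShell below is an added example, not code from the book: it parses the JSON printed by docker trust inspect and lists the requested tags that have no trust data. The function names and the sample JSON are constructed for illustration, and the live check assumes the Docker CLI is on PATH.

```powershell
# Added example (not from the book): list tags that would fail under DOCKER_CONTENT_TRUST=1.

# Emits the tag names that carry trust data, given `docker trust inspect` JSON.
function Get-SignedTagName {
    param([AllowEmptyString()][string]$InspectJson)
    if ([string]::IsNullOrWhiteSpace($InspectJson)) { return }
    $parsed = $InspectJson | ConvertFrom-Json
    foreach ($repo in @($parsed)) {
        foreach ($entry in @($repo.SignedTags)) {
            if ($entry.SignedTag) { $entry.SignedTag }
        }
    }
}

# Returns the requested tags that have no trust data in the inspect output.
function Get-UnsignedTag {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$InspectJson,
        [Parameter(Mandatory)][string[]]$Tag
    )
    $signed = @(Get-SignedTagName -InspectJson $InspectJson)
    return @($Tag | Where-Object { $signed -notcontains $_ })
}

# Constructed sample of inspect output; the digest and signer name are placeholders.
$sample = @'
[{"Name": "docker.io/packtpubkubernetesonwindows/iis-demo",
  "SignedTags": [{"SignedTag": "1.0.1", "Digest": "<digest-placeholder>", "Signers": ["Repo Admin"]}]}]
'@
Get-UnsignedTag -InspectJson $sample -Tag '1.0.1', 'latest'

# Live check against the registry; a failed or empty inspect counts as no trust data.
if (Get-Command docker -ErrorAction SilentlyContinue) {
    $repo = 'docker.io/packtpubkubernetesonwindows/iis-demo'
    $json = (docker trust inspect $repo 2>$null) -join "`n"
    if ($LASTEXITCODE -ne 0) { $json = '' }
    Get-UnsignedTag -InspectJson $json -Tag '1.0.1', 'latest'
}
```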