Azure – Content Trust in ACR and Roles

Security and Authentication method – Content Trust

You need a container registry to start with.


Content trust in Azure Container Registry

“Azure Container Registry implements Docker’s content trust model, enabling pushing and pulling of signed images.”
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust

Signing Role

AcrImageSigner (role used for signing permissions)

AcrPush (role used for ACR push)

For a list of built-in roles and descriptions see here

Container registry roles see here


Azure CLI command to assign the AcrImageSigner role

az role assignment create --scope <registry ID> --role AcrImageSigner --assignee <user name>
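
An added example (not from the original page or from Microsoft's documentation): a POSIX shell wrapper around the command above that grants both roles listed under Signing Role and refuses any scope wider than a single registry. The function names, the DRY_RUN switch, and the sample subscription, resource group, registry and assignee values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: assign AcrPush and AcrImageSigner, scoped to exactly one registry.
# DRY_RUN=1 (the default, an assumption of this sketch) prints the az commands
# instead of running them; set DRY_RUN=0 after az login to apply them.

# Succeeds only when $1 is the resource ID of a single container registry.
# The allowed character set is deliberately conservative.
is_registry_scope() {
  case "$1" in *[!A-Za-z0-9/._-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eiqx \
    '/subscriptions/[0-9a-f-]{36}/resourcegroups/[^/]+/providers/microsoft\.containerregistry/registries/[a-z0-9]{5,50}'
}

# grant_signer <registry ID> <assignee>
grant_signer() {
  if ! is_registry_scope "$1"; then
    printf 'refusing: scope is not a single registry: %s\n' "$1" >&2
    return 2
  fi
  if [ -z "$2" ]; then
    echo "refusing: empty assignee" >&2
    return 2
  fi
  for role in AcrPush AcrImageSigner; do
    if [ "${DRY_RUN:-1}" = "1" ]; then
      printf 'az role assignment create --scope %s --role %s --assignee %s\n' "$1" "$role" "$2"
    else
      az role assignment create --scope "$1" --role "$role" --assignee "$2" || return 1
    fi
  done
}

# Constructed sample values, not real resources.
SAMPLE_REGISTRY_ID="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/Microsoft.ContainerRegistry/registries/demoregistry"
DRY_RUN=1 grant_signer "$SAMPLE_REGISTRY_ID" "signer@example.com"
```

The registry ID can be read with az acr show --name <registry name> --query id --output tsv.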

ACR Tasks

See the information on automating container image builds with ACR Tasks. An example use is automating the build cycle. How? “By executing az login with a service principal, your CI/CD solution could then issue az acr build commands to kick off image builds.”

Manage Resource Groups CLI

Azure CLI commands for managing resource groups are available here