- Running Notary services
Running Notary services
In an organization, a internal Notary HA deployment is expected to be available in order for Docker Content Trust to be usable. Hence, this topic assumes familiarity with the Notary service architecture.
Notary ships with support for multiple storage backends. Choose one appropriate to your infrastructure and team.
Both notary-server
and notary-signer
should be behind a load balancer. The public facing entry is notary-server
and only serves public data. The notary-signer
stores the timestamp keys online - it can be compared to an HSM.
The content publisher owns the client side key and is the one responsible for publishing new content.