Sealing the Container

To seal the state of a container/project, all relevant data objects are hashed and the hash values are written into a file. [1] The hash sums are then signed with a private key associated with the owner of the project. [2]

[1] The hash values should be stored in a dedicated file since other files like the manifest need to be hashed as well.

[2] How do we manage private keys? Idea A) Generate private X.509 keys on the client side of the platform (JavaScript?) and use the email address of the owner as the identifier. The public key is added to the repository; the private key is destroyed after signing to avoid key management.

What files need to be hashed:

  • Content files specified by the owner (databases, scripts)
  • Container image files (Docker images, which are already referenced by hash sums)
  • Manifest file
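
The sealing steps above (hash every object into a dedicated file, sign that file with a one-time key, keep only the public key) as an added example that is not part of the original page or the platform's code. Assumptions: Ed25519 stands in for the X.509 key, the project is a constructed in-memory map, and the function names and the `<sha256>  <path>` line layout are hypothetical.

```javascript
// Added example, not the platform's code. Assumption: Ed25519 stands in for the X.509 key.
const { createHash, generateKeyPairSync, sign, verify } = require("node:crypto");

const sha256 = (data) => createHash("sha256").update(data).digest("hex");

// Constructed sample project: path -> file bytes (content files plus the manifest).
const project = new Map([
  ["data/results.sqlite", Buffer.from("constructed database bytes")],
  ["scripts/analyse.py", Buffer.from("print('constructed script')\n")],
  ["manifest.json", Buffer.from('{"image": "sha256:<image-digest-placeholder>"}')],
]);

// The dedicated hash file: one "<sha256>  <path>" line per object, sorted by path so
// the same project state always produces the same bytes to sign.
function buildSeal(files) {
  return [...files.keys()].sort()
    .map((path) => `${sha256(files.get(path))}  ${path}\n`).join("");
}

// Idea A: sign with a one-time key pair. Only the signature and public key leave this
// function; the private key is never exported and is unreachable after it returns.
function signSeal(sealText) {
  const { publicKey, privateKey } = generateKeyPairSync("ed25519");
  return {
    signature: sign(null, Buffer.from(sealText), privateKey).toString("base64"),
    publicKeyPem: publicKey.export({ type: "spki", format: "pem" }),
  };
}

// Returns a list of problems; an empty list means the seal holds.
function verifySeal(files, sealText, signature, publicKeyPem) {
  const sig = Buffer.from(signature, "base64");
  if (!verify(null, Buffer.from(sealText), publicKeyPem, sig)) {
    return ["signature does not match hash file"];
  }
  const sealed = new Map(sealText.split("\n").filter(Boolean)
    .map((line) => [line.slice(66), line.slice(0, 64)]));
  const problems = [];
  for (const [path, hash] of sealed) {
    if (!files.has(path)) problems.push(`missing: ${path}`);
    else if (sha256(files.get(path)) !== hash) problems.push(`modified: ${path}`);
  }
  for (const path of files.keys()) {
    if (!sealed.has(path)) problems.push(`unsealed: ${path}`);
  }
  return problems;
}
```

Because the key pair is one-time, the check is only as trustworthy as the copy of the public key stored in the repository: whoever can replace the files, the hash file and the public key together can produce a new seal that verifies.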