Feature: Any pushed docker image to ACR is signed automatically

[ayanibr]

Is this a BUG REPORT or FEATURE REQUEST?: FEATURE

What happened?: At the moment, to have signed images in the registry, the set of manual steps are required using cli or using pipeline yaml to sign and push docker images.

What we expect: It would be nice to have an option to sign images automatically which are pushed to ACR.

Instead of using cli or yaml pipeline, the option to configure the ACR itself with keys and certificates to sign any image pushed to registry or to have filter/option to sign image based on tag value.

[Monishguru]

@ayanibr With Azure DevOps Pipeline, when trying to push the image with the sign, we get the following error. Have you ever came across this, if yes can you please let us know what exactly is missing ...we have initialized the repo with a delegate key and we are able to see all the keys when we do a trust inspect...any help would be appreciated

##[error]time="2021-06-29T10:07:28Z" level=error msg="couldn't add target to targets/zzzzz: could not find necessary signing keys, at least one of these keys must be available: xxxxxxxxxxxxxxxxxxxxxxxxxxxx" ##[error]failed to sign repo/test/pipeline-templates_tests_docker_build_v3:20210629100550.62491.521a451: could not find necessary signing keys, at least one of these keys must be available: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ##[error]The process '/usr/bin/docker' failed with exit code 1

[terencet-dev]

Closing as this has been inactive for over three months. Please open a support ticket with our team for assistance.