Manual signing
Manual signing uses the Notation CLI and AWS Signer plugin to sign images before pushing them to Amazon ECR. This method provides more control over the signing process and is useful when you need to sign images outside of the push workflow or require fine-grained control over signing operations.
For detailed instructions about signing container images using the Notation CLI and AWS Signer, see Sign container images in Signer and the related topics in the AWS Signer Developer Guide.
Prerequisites
Before you begin, the following prerequisites must be met.
- Install and configure the latest version of the AWS CLI. For more information, see Installing or updating the latest version of the AWS CLI in the AWS Command Line Interface User Guide.
- Install the Notation CLI and the AWS Signer plugin for Notation. For more information, see Prerequisites for signing container images in the AWS Signer Developer Guide.
- Have a container image stored in an Amazon ECR private repository to sign. For more information, see Pushing an image to an Amazon ECR private repository.
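The signing step these prerequisites lead up to, as an added example that is not taken from this page or the AWS guides: a shell wrapper that checks the tools and plugin are present, logs Notation in to the registry, and signs with the AWS Signer plugin. The image reference and signing profile ARN are supplied by the caller; requiring a digest-pinned reference (rather than a mutable tag) is an assumption of this example, not a requirement stated above.

```shell
#!/bin/sh
# Added example: preflight checks and signing wrapper for Notation + AWS Signer.
# Nothing runs at load time; call sign_image with your own values.

PLUGIN="com.amazonaws.signer.notation.plugin"   # AWS Signer plugin name for Notation

# Report every required tool that is not on PATH; succeed only if none is missing.
missing_tools() {
    missing=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    [ -z "$missing" ] && return 0
    echo "missing:$missing"
    return 1
}

# Accept only an ECR private-repository reference pinned by sha256 digest.
# A tag can be moved to different content after signing; a digest cannot.
is_digest_pinned_ecr_ref() {
    printf '%s\n' "$1" | grep -Eq \
      '^[0-9]{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com(\.cn)?/[a-z0-9._/-]+@sha256:[0-9a-f]{64}$'
}

# Usage: sign_image <registry/repo@sha256:digest> <signing-profile-arn>
sign_image() {
    ref=$1
    profile_arn=$2
    missing_tools aws notation || return 1
    notation plugin ls | grep -qF "$PLUGIN" \
        || { echo "Notation plugin $PLUGIN is not installed" >&2; return 1; }
    is_digest_pinned_ecr_ref "$ref" \
        || { echo "refusing to sign: not a digest-pinned ECR reference" >&2; return 1; }
    registry=${ref%%/*}                                    # host part of the reference
    region=$(printf '%s' "$registry" | cut -d. -f4)        # acct.dkr.ecr.<region>.amazonaws.com
    # Authenticate Notation to the private registry with a short-lived ECR token.
    aws ecr get-login-password --region "$region" \
        | notation login --username AWS --password-stdin "$registry" || return 1
    # Sign through the AWS Signer plugin using the given signing profile.
    notation sign "$ref" --plugin "$PLUGIN" --id "$profile_arn"
}
```

Resolve the digest from the repository first (for example with `aws ecr describe-images`) and pass that reference to `sign_image`, so the signature is bound to the exact image content.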