I'm trying the following scenario.
On my laptop I have created a delegation key. On a server I have created the target and authorized my delegation key. Now when signing my Docker image via docker trust I'm getting the following error:
An error occurred during validation: rpc error: code = 5 desc = key 6505d5d177b8ad1868d721f0043d0f16f4fc7cdbf27a0940c6f1ef52a95b15b9 not found
This 6505… key is the private key for the target on the other machine, which I don't have on my current machine.
Is what I'm trying even possible? Do I somehow have to synchronize all the keys to be able to do this?
Wanted to keep the targets on a server for backup reasons as well as for limiting who has access to those keys.
I have also filed a related GitHub ticket.
I found the solution.
What is required to make this happen is to have the notary-server manage the snapshot.
By default this certificate is managed by the client.
See the fix here.
https://github.com/philips-labs/dct-notary-admin/commit/bc0269d93370e2d3d474abdeaca6b0146a440144
Now a client only needs the delegation key once their delegation key is authorized on the given target.
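For readers who use the notary CLI directly, the following is an added example and not part of the original post or the linked commit: it hands the snapshot role to the Notary server with `notary key rotate <GUN> snapshot -r`, then checks that a signer's machine holds no root, targets or snapshot private key. The server URL, GUN and trust directory are placeholders, and the assumption that `notary key list` prints the role in its first column is mine.

```shell
#!/bin/sh
# Added example. Server URL, GUN and trust directory are placeholders supplied
# by the caller; nothing here is taken from the linked repository.

# Run once on the machine that holds the repository keys: make the Notary
# server manage (generate and sign with) the snapshot key for this GUN.
snapshot_to_server() {
    server=$1 gun=$2 trust_dir=${3:-$HOME/.docker/trust}
    if [ -z "$server" ] || [ -z "$gun" ]; then
        echo "usage: snapshot_to_server <server-url> <gun> [trust-dir]" >&2
        return 2
    fi
    notary -s "$server" -d "$trust_dir" key rotate "$gun" snapshot -r
}

# Run on a signer's machine: print every role other than a delegation whose
# private key is stored locally. Returns 0 when none is found, 1 when at
# least one is found, 2 when the key list could not be read.
# Assumption: `notary key list` puts the role name in the first column.
extra_keys() {
    trust_dir=${1:-$HOME/.docker/trust}
    listing=$(notary -d "$trust_dir" key list) || return 2
    printf '%s\n' "$listing" | awk '
        $1 == "root" || $1 == "targets" || $1 == "snapshot" { print $1; found = 1 }
        END { exit (found ? 1 : 0) }'
}

# Command-line entry point:
#   script.sh rotate <server-url> <gun> [trust-dir]
#   script.sh check [trust-dir]
if [ "$#" -gt 0 ]; then
    cmd=$1
    shift
    case "$cmd" in
        rotate) snapshot_to_server "$@" ;;
        check)  extra_keys "$@" ;;
        *)      echo "unknown command: $cmd" >&2; exit 2 ;;
    esac
fi
```

A non-zero result from `check` on a signer's laptop means more than the delegation key is present there, which defeats the purpose of keeping the target key on the server.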