What is Binary authorisation?

Binary Authorisation is a deploy-time security control, ensuring only trusted container images can be deployed to Kubernetes.

The process requires signatures for Docker images from trusted authorities during development and then enforces signature verification when deploying.

This lets you have firmer control over your container environment by making sure only verified images can be integrated.

Benefits of using Binary Authorisation

It provides your deployment team with:

Confidence that only definitively-authorised container images will be deployed to Kubernetes

A reduced risk of any inadvertent or malicious code being used in your environment

Deploying Binary Authorisation

The deployment process relies on the image digest produced by the Docker registry. As your registry and Thought Machine's are separate, the digests will differ. This means you will need to reattest the images to support Binary Authorisation.

Thought Machine provides you with a token and endpoint so you can pull images and attestations from our infrastructure.