Container image security with encrypted container images


When it comes to container image security, you may have heard about image signatures, such as Docker Content Trust and Red Hat Image Signing. These technologies guarantee the integrity and provenance of the container image, checking if it was created by someone we trust and has not been tampered with.

This is a major improvement in the security of the container image, but security gaps remain in protecting the confidentiality of the images and ensuring that untrusted hosts do not execute them. For example, if a record is compromised, we don’t want our top-secret algorithms to be stolen. In addition, we want to have additional cryptographic security so that if an image is stolen in any way, it cannot be run on non-certified machines (such as from a compliance perspective).

Container Image Security is a problematic space that IBM Research has been facing with the collaboration of container specialists from containerd, Red Hat and the Open Container Initiative (OCI) community. Through this collaboration, an encrypted container image definition around the OCI was developed, allowing the encryption of layers of this image. Today, encrypted container images are supported in several projects across the ecosystem, including containerd, crio, skopeo and the Docker Distribution project.


To get the most out of this article, you must have basic knowledge of container technology and basic knowledge of encryption and security.

What are encrypted container images?

Encrypted container images are OCI images with encrypted layers. For the purpose of this article, think of layers as parts of a container image. The way to identify whether an image includes encrypted content is simple. If an image layer has a media type with a + encrypted suffix at the end, the layer is encrypted! For example: application / vnd.oci.image.layer.v1.tar + gzip + encrypted.

This suffix indicates to the tools that the part of the image is encrypted, and the user will provide parameters (via command line arguments or configuration files) to be able to decrypt the encrypted part of the image. The types of keys supported should be familiar to developers today (RSA / GPG keys). The underlying protocols used to manage decryption authorization are PKCS # 7, JSON Web Encryption and OpenPGP. These protocols are designed to work with a company’s existing public key infrastructure (PKI).


Please enter your comment!
Please enter your name here