Document security best practices for signing into the registry with Notation
toddysm opened this issue · comments
Toddy Mladenov commented
As part of the release of Notation 1.0.0 we need to document the security best practices to sign into a registry using Notation. We should document the recommended way to sign in as well as other sign in options and what are the benefits and risks with using those. Things like using ENV variables or credentials as part of the CLI switches should be discouraged and the associated risks documented.