Skip to content

Harbor Deprecates Notary v1 Support in v2.9.0

Wang Yan edited this page Sep 1, 2023 · 5 revisions

Starting from version 2.9.0, Harbor has deprecated support for Notary v1. For users who rely on artifact signing, we recommend choosing either Cosign or Notation(experimental) (Notary v2) as the alternative solutions.

Migrating Notary Signatures:

Please note that Notary v1 does not support storing signatures using the OCI format, which is the standard format for Cosign or Notation signatures. As a result, there is no straightforward way to migrate Notary v1 signatures to the OCI artifact format.

Managing Notary Signatures:

Before upgrading to v2.9.0, we strongly suggest removing any existing Notary signatures. Harbor will not automatically remove these signatures during the migration process. However, you will still be able to access them through the database. Please note that these signatures will no longer be used after the upgrade, and you can safely remove them manually at any time.

Important:

To ensure the continued functionality of your Content Trust policy after the migration, it is necessary to follow our guidance provided in the documentation. This guidance will assist you in re-signing all the previously signed images using either Cosign or Notation. Additionally, remember to enable the Content Trust policy (Cosign or Notation) once again to maintain the desired security measures.