sharenet/registry/containers-policy.json

{
  "default": [{ "type": "reject" }],
  "transports": {
    "docker": {
      "REGISTRY_HOST": [
        {
          "type": "sigstoreSigned",
          "keyPath": "/etc/containers/keys/org-cosign.pub",
          "signedIdentity": { "type": "matchRepository" }
        }
      ],
      "REGISTRY_HOST:4443": [
        {
          "type": "sigstoreSigned",
          "keyPath": "/etc/containers/keys/org-cosign.pub",
          "signedIdentity": { "type": "matchRepository" }
        }
      ],
      "docker.io": [{ "type": "reject" }]
    },
    "docker-daemon": { "": [{ "type": "reject" }] }
  }
}