openshift · mburke5678 · Nov 15, 2017 · Oct 4, 2017 · thomasmckay · Oct 4, 2017
diff --git a/admin_guide/image_signatures.adoc b/admin_guide/image_signatures.adoc
@@ -247,3 +247,25 @@ the `<name>` is the name of the signature. The signature name must be 32
 characters long. The `<cryptographic_signature>` must follow the specification
 documented in the
 link:https://github.com/containers/image/blob/master/docs/atomic-signature.md#the-cryptographic-signature[containers/image] library.
+
+[[importing-signatures-from-sigstore]]
+=== Importing Image Signatures Automatically from Signature Stores
+
+{{product-title}} can automatically import image signatures if an signature
+store is configured on all {{product-title}} master nodes. The configuration is
+located in `/etc/containers/registries.d` directory. For more details about the
+configuration format visit
+link:https://github.com/containers/image/blob/master/docs/registries.d.md[containers/image]
+library documentation.
+
+A sample configuration that will cause image signatures to be imported
+automatically for all Red Hat images:
+
+----
+docker:
+  registry.access.redhat.com:
+    sigstore: https://access.redhat.com/webassets/docker/content/sigstore
+----
+
+Note that all signatures imported automatically by {{product-title}} will be
+"unverified" by default and will have to be verified by image administrators.