Merge pull request #15466 from mtrmac/image-trust-sigstore

podman image trust overhaul, incl. sigstore

1 files changed, 6 insertions, 3 deletions

diff --git a/docs/source/markdown/podman-image-trust.1.md b/docs/source/markdown/podman-image-trust.1.md
index 4e80bdcf5..2a7da82cc 100644
--- a/docs/source/markdown/podman-image-trust.1.md
+++ b/docs/source/markdown/podman-image-trust.1.md
@@ -32,7 +32,8 @@ Trust **type** provides a way to:
 
 Allowlist ("accept") or
 Denylist ("reject") registries or
-Require signature (“signedBy”).
+Require a simple signing signature (“signedBy”),
+Require a sigstore signature ("sigstoreSigned").
 
 Trust may be updated using the command **podman image trust set** for an existing trust scope.
 
@@ -45,12 +46,14 @@ Trust may be updated using the command **podman image trust set** for an existin
 #### **--pubkeysfile**, **-f**=*KEY1*
   A path to an exported public key on the local system. Key paths
   will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to
-  require an image be signed by multiple keys.  The **--pubkeysfile** option is required for the **signedBy** type.
+  require an image be signed by multiple keys.  The **--pubkeysfile** option is required for the **signedBy** and **sigstoreSigned** types.
 
 #### **--type**, **-t**=*value*
   The trust type for this policy entry.
   Accepted values:
-    **signedBy** (default): Require signatures with corresponding list of
+    **signedBy** (default): Require simple signing signatures with corresponding list of
+                        public keys
+    **sigstoreSigned**: Require sigstore signatures with corresponding list of
                         public keys
     **accept**: do not require any signatures for this
             registry scope