Delete imagesEstimated reading time: 2 minutes
To delete an image, navigate to the Tags tab of the repository page on the DTR web interface. In the Tags tab, select all the image tags you want to delete, and click the Delete button.
You can also delete all image versions by deleting the repository. To delete a repository, navigate to Settings and click Delete under “Delete Repository”.
Delete signed images
DTR only allows deleting images if the image has not been signed. You first need to delete all the trust data associated with the image before you are able to delete the image.
There are three steps to delete a signed image:
- Find which roles signed the image.
- Remove the trust data for each role.
- The image is now unsigned, so you can delete it.
Find which roles signed an image
To find which roles signed an image, you first need to learn which roles are trusted to sign the image.
Set up your Notary client, and run:
notary delegation list dtr-example.com/library/wordpress
In this example, the repository owner delegated trust to the
ROLE PATHS KEY IDS THRESHOLD ---- ----- ------- --------- targets/releases "" <all paths> c3470c45cefde5447cf215d8b05832b0d0aceb6846dfa051db249d5a32ea9bc8 1 targets/qa "" <all paths> c3470c45cefde5447cf215d8b05832b0d0aceb6846dfa051db249d5a32ea9bc8 1
Now that you know which roles are allowed to sign images in this repository, you can learn which roles actually signed it:
# Check if the image was signed by the "targets" role notary list dtr-example.com/library/wordpress # Check if the image was signed by a specific role notary list dtr-example.com/library/wordpress --roles <role-name>
In this example the image was signed by three roles:
Remove trust data for a role
Once you know which roles signed an image, you’ll be able to remove trust data for those roles. Only users with private keys that have the roles are able to do this operation.
For each role that signed the image, run:
notary remove dtr-example.com/library/wordpress <tag> \ --roles <role-name> --publish
Once you’ve removed trust data for all roles, DTR shows the image as unsigned. Then you can delete it.