diff --git a/build_files/build.sh b/build_files/build.sh
index 55eb7fa..ee24a99 100755
--- a/build_files/build.sh
+++ b/build_files/build.sh
@@ -5,6 +5,10 @@ set -ouex pipefail
 # Copy System Files onto root
 rsync -rvK /ctx/sys_files/ /
 
+# Copy cosign.pub key into the right location
+mkdir -p /etc/pki/containers
+cp /ctx/cosign.pub /etc/pki/containers/davejansen.pub
+
 ### Install packages
 
 # Packages can be installed from any enabled yum repo on the image.
diff --git a/sys_files/usr/etc/containers/policy.json b/sys_files/usr/etc/containers/policy.json
new file mode 100644
index 0000000..efb2341
--- /dev/null
+++ b/sys_files/usr/etc/containers/policy.json
@@ -0,0 +1,32 @@
+{
+"default": [
+{
+"type": "reject"
+}
+],
+"transports": {
+"docker": {
+"davejansen.dev": [
+{
+"type": "sigstoreSigned",
+"keyPaths": ["/etc/pki/containers/davejansen.pub"],
+"signedIdentity": {
+"type": "matchRepository"
+}
+}
+],
+"": [
+{
+"type": "insecureAcceptAnything"
+}
+]
+},
+"docker-daemon": {
+"": [
+{
+"type": "insecureAcceptAnything"
+}
+]
+}
+}
+}
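Review bot: The `mkdir -p` plus `cp` pair installs the verification key with whatever mode the build umask happens to yield, and the file name davejansen.pub is a silent contract with `keyPaths` in the new policy.json; `install -D -m 0644 -- /ctx/cosign.pub /etc/pki/containers/davejansen.pub` does both steps with an explicit, root-owned, non-writable mode, and the comment should name the coupling, e.g. `# File name must match keyPaths in sys_files/usr/etc/containers/policy.json`. Under the script's `set -e` a missing /ctx/cosign.pub aborts the build, which is the right outcome for a signing key — do not soften it with `|| true`. The policy is shipped under /usr/etc while the key is written to /etc/pki; presumably the image build merges /etc into /usr/etc at commit so the path in the policy resolves on the installed system, but that is worth confirming rather than assuming.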
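Review bot: The `""` wildcard under `docker` with `insecureAcceptAnything` means `"default": "reject"` never applies to registry pulls — every registry other than davejansen.dev is accepted unsigned — while transports not listed at all (dir, oci, docker-archive, oci-archive) presumably fall to the reject default, so a `podman load` of a local archive would be refused; confirm both effects are intended and record them in the README or commit message, since JSON offers no place for a comment. `sigstoreSigned` can only verify a signature it can locate: with cosign-style signatures stored in the registry, a containers-registries.d entry for davejansen.dev with `use-sigstore-attachments: true` is needed, otherwise pulls from that host are rejected for lack of a signature rather than verified, and I see no such file in this diff. `matchRepository` is the usual identity choice here; note that it accepts any tag under the signed repository, including older ones.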