diff --git a/cli/command/trust/cmd.go b/cli/command/trust/cmd.go
index 766c3dd4a6..94b0b5bb9c 100644
--- a/cli/command/trust/cmd.go
+++ b/cli/command/trust/cmd.go
@@ -18,6 +18,10 @@ func NewTrustCommand(dockerCli command.Cli) *cobra.Command {
 newViewCommand(dockerCli),
 newRevokeCommand(dockerCli),
 newSignCommand(dockerCli),
+ newKeyGenerateCommand(dockerCli),
+ newKeyLoadCommand(dockerCli),
+ newSignerAddCommand(dockerCli),
+ newSignerRemoveCommand(dockerCli),
 )
 return cmd
 }
diff --git a/cli/command/trust/helpers.go b/cli/command/trust/helpers.go
index 7d9c184ba4..a395af44e2 100644
--- a/cli/command/trust/helpers.go
+++ b/cli/command/trust/helpers.go
@@ -9,6 +9,7 @@ import (
 )
 
 const releasedRoleName = "Repo Admin"
+const releasesRoleTUFName = "targets/releases"
 
 // check if a role name is "released": either targets/releases or targets TUF roles
 func isReleasedTarget(role data.RoleName) bool {
@@ -31,3 +32,13 @@ func clearChangeList(notaryRepo client.Repository) error {
 }
 return cl.Clear("")
 }
+
+func getOrGenerateRootKeyAndInitRepo(notaryRepo client.Repository) error {
+ rootKey, err := getOrGenerateNotaryKey(notaryRepo, data.CanonicalRootRole)
+ if err != nil {
+ return err
+ }
+ // Initialize the notary repository with a remotely managed snapshot
+ // key
+ return notaryRepo.Initialize([]string{rootKey.ID()}, data.CanonicalSnapshotRole)
+}
diff --git a/cli/trust/trust.go b/cli/trust/trust.go
index d392153e5c..c87ad7be8e 100644
--- a/cli/trust/trust.go
+++ b/cli/trust/trust.go
@@ -43,7 +43,8 @@ var (
 ActionsPushAndPull = []string{"pull", "push"}
 )
 
-func trustDirectory() string {
+// GetTrustDirectory returns the base trust directory name
+func GetTrustDirectory() string {
 return filepath.Join(cliconfig.Dir(), "trust")
 }
 
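Review bot: getOrGenerateRootKeyAndInitRepo has no doc comment, and its only inline comment understates a trust decision: passing `data.CanonicalSnapshotRole` to `Initialize` makes the snapshot key remotely managed, so the notary server rather than the local key store signs snapshot metadata. A comment such as `// getOrGenerateRootKeyAndInitRepo initializes notaryRepo with a locally held root key and a snapshot key managed by the notary server.` would make that explicit for callers. Judging by its name, `getOrGenerateNotaryKey` (defined outside this hunk) may create a new root key as a side effect; if it does, the comment should say so, because callers need to tell the user that a root key was created. The bare `return err` also leaves a caller unable to tell a key-store failure from an initialization failure, so both returns would benefit from added context in whatever error style the package already uses.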
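Review bot: The new doc comment says GetTrustDirectory returns a directory name, but the body returns a full path built with `filepath.Join(cliconfig.Dir(), "trust")`. `// GetTrustDirectory returns the path of the base trust directory inside the CLI config directory.` would match the code. Now that the function is exported, this comment is what callers in other packages rely on, so it is worth being exact.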
@@ -172,15 +173,16 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo
 tr := transport.NewTransport(base, modifiers...)
 
 return client.NewFileCachedRepository(
- trustDirectory(),
+ GetTrustDirectory(),
 data.GUN(repoInfo.Name.Name()),
 server,
 tr,
- getPassphraseRetriever(in, out),
+ GetPassphraseRetriever(in, out),
 trustpinning.TrustPinConfig{})
 }
 
-func getPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever {
+// GetPassphraseRetriever returns a passphrase retriever that utilizes Content Trust env vars
+func GetPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever {
 aliasMap := map[string]string{
 "root": "root",
 "snapshot": "repository",
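Review bot: The doc comment on the newly exported GetPassphraseRetriever says it "utilizes Content Trust env vars" but neither names them nor states how they interact with prompting on `in`/`out`. The function body continues past the end of this hunk, so the exact behaviour is not visible here. If an environment-supplied passphrase bypasses the interactive prompt, the comment should say so, because callers in other packages inherit that behaviour for root and repository keys. Something like `// GetPassphraseRetriever returns a notary.PassRetriever that takes passphrases from the Content Trust environment variables when set and otherwise prompts on in/out.`, adjusted to what the body actually does, would cover it.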