diff --git a/cli/command/image/trust.go b/cli/command/image/trust.go
index 274344452f..2b4f92794c 100644
--- a/cli/command/image/trust.go
+++ b/cli/command/image/trust.go
@@ -137,7 +137,7 @@ func PushTrustedReference(ctx context.Context, ioStreams command.Streams, repoIn
 		err = repo.AddTarget(target, data.CanonicalTargetsRole)
 	case nil:
 		// already initialized and we have successfully downloaded the latest metadata
-		err = AddTargetToAllSignableRoles(repo, target)
+		err = trust.AddToAllSignableRoles(repo, target)
 	default:
 		return trust.NotaryError(repoInfo.Name.Name(), err)
 	}
@@ -155,19 +155,6 @@ func PushTrustedReference(ctx context.Context, ioStreams command.Streams, repoIn
 	return nil
 }
 
-// AddTargetToAllSignableRoles attempts to add the image target to all the top level delegation roles we can
-// (based on whether we have the signing key and whether the role's path allows
-// us to).
-// If there are no delegation roles, we add to the targets role.
-func AddTargetToAllSignableRoles(repo client.Repository, target *client.Target) error {
-	signableRoles, err := trust.GetSignableRoles(repo, target)
-	if err != nil {
-		return err
-	}
-
-	return repo.AddTarget(target, signableRoles...)
-}
-
 // trustedPull handles content trust pulling of an image
 func trustedPull(ctx context.Context, cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth, opts PullOptions) error {
 	refs, err := getTrustedPullTargets(cli, imgRefAndAuth)
diff --git a/cli/command/trust/sign.go b/cli/command/trust/sign.go
index fa2192bef9..bf974d0dc0 100644
--- a/cli/command/trust/sign.go
+++ b/cli/command/trust/sign.go
@@ -116,7 +116,7 @@ func signAndPublishToTarget(out io.Writer, imgRefAndAuth trust.ImageRefAndAuth,
 	if err != nil {
 		return err
 	}
-	err = image.AddTargetToAllSignableRoles(notaryRepo, &target)
+	err = trust.AddToAllSignableRoles(notaryRepo, &target)
 	if err == nil {
 		prettyPrintExistingSignatureInfo(out, existingSigInfo)
 		err = notaryRepo.Publish()
diff --git a/cli/trust/trust.go b/cli/trust/trust.go
index 65beb3aa4e..62bbd8f833 100644
--- a/cli/trust/trust.go
+++ b/cli/trust/trust.go
@@ -239,6 +239,20 @@ func NotaryError(repoName string, err error) error {
 	return err
 }
 
+// AddToAllSignableRoles attempts to add the image target to all the top level
+// delegation roles we can (based on whether we have the signing key and whether
+// the role's path allows us to).
+//
+// If there are no delegation roles, we add to the targets role.
+func AddToAllSignableRoles(repo client.Repository, target *client.Target) error {
+	signableRoles, err := GetSignableRoles(repo, target)
+	if err != nil {
+		return err
+	}
+
+	return repo.AddTarget(target, signableRoles...)
+}
+
 // GetSignableRoles returns a list of roles for which we have valid signing
 // keys, given a notary repository and a target
 func GetSignableRoles(repo client.Repository, target *client.Target) ([]data.RoleName, error) {