Recently having docker login credentials stored in plain text on a server was bugging me. Granted, the credentials are base64 encoded, but they are easily decoded, at which point the container registry is vulnerable as well.

I thought using one of the credential helpers would be quick and simple, but I was mistaken. In my case I was using the pass credential helper on a Docker Swarm manager running Ubuntu server.

Part of the problem was that docker-credential-pass is not well documented. I found various resources that got me most of the way there, but the complete solution required info across several resources and none of them automated it as much as I wanted.

With that in mind I pieced together this docker-credentials.sh script to make this easier. Most explanation of the script is inline with the comments.

```bash
# Sets up a docker credential helper so docker login credentials are not stored encoded in base64 plain text.
# Uses the pass secret service as the credentials store.
# If previously logged in w/o cred helper, docker logout under each user or remove ~/.docker/config.json.
# For Swarm use just run once on a manager.
# Run elevated logged in as the target user.
# - delete /usr/local/bin/docker-credential-pass
key=$(gpg2 --list-secret-keys | grep uid -B 1 | head -n 1 | sed 's/^ *//g')
echo "Do not set a passphrase for this step (*IMPORTANT*)"
# Image can't be found when Swarm attempts to pull later if a pass phrase is here.
pass insert docker-credential-helpers/docker-pass-initialized-check
echo "Done."
echo "Docker credential password list (empty initially):"
# pass show docker-credential-helpers/docker-pass-initialized-check | sed -e 's/\(.\)/\*/g'
echo "After login run: docker-credential-pass list cat ~/.docker/config.json pass show"
echo "Run: docker login"
```
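An added example, not part of the original post or its script: a Python check of a Docker client config.json that reports registries whose credentials still sit inline as base64 under `auths`, as opposed to entries delegated to a helper through `credsStore` or `credHelpers`. The sample configs, registry name and account are constructed.

```python
import base64
import json


def audit_docker_config(text):
    """Audit a Docker client config.json (passed as a string) for inline secrets."""
    cfg = json.loads(text)
    store = cfg.get("credsStore")          # global helper, e.g. "pass"
    helpers = cfg.get("credHelpers", {})   # optional per-registry helpers
    inline = []
    for registry, entry in cfg.get("auths", {}).items():
        auth = (entry or {}).get("auth", "")
        if not auth:
            continue  # empty entry: the secret is held by the helper's store
        try:
            decoded = base64.b64decode(auth, validate=True).decode("utf-8")
            user, _, secret = decoded.partition(":")
        except ValueError:  # covers bad base64 and bad UTF-8
            user, secret = "<undecodable>", ""
        inline.append({
            "registry": registry,
            "user": user,
            "secret_len": len(secret),  # length only, the secret is never returned
            "helper": helpers.get(registry) or store,
        })
    return {"credsStore": store, "inline": inline, "ok": not inline}


# Constructed sample data: registry, account and token are placeholders.
_AUTH = base64.b64encode(b"deploy:not-a-real-secret").decode()
BEFORE = json.dumps({"auths": {"registry.example.com": {"auth": _AUTH}}})
AFTER = json.dumps({"auths": {"registry.example.com": {}}, "credsStore": "pass"})
# Helper configured, but an entry from an earlier plain login was never removed.
STALE = json.dumps({"auths": {"registry.example.com": {"auth": _AUTH}},
                    "credsStore": "pass"})

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER), ("stale", STALE)):
        print(name, audit_docker_config(sample))
```

The stale case is the one the script's comment about running docker logout or removing ~/.docker/config.json guards against: the helper is configured, yet the old inline entry is still readable.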