@carun
Created August 2, 2024 05:43
Managing Docker Registry Credentials using pass tool on Linux

Docker Registry Credentials

Docker has the ability to utilize credential stores. See https://docs.docker.com/reference/cli/docker/login/#credential-stores for supported credential stores.

This guide covers setting up pass as the Docker registry credential store for the Docker client. The D-Bus secret service can also be used as a credential store, but since it is desktop based and D-Bus is usually buggy, pass is recommended.

Setup on Ubuntu Linux or WSL

  1. Pass is available in pretty much all major distros and works seamlessly with gpg.
    sudo apt install pass
    
  2. If you don't have a GPG key, create one. The rest of this guide assumes you already have a GPG keyring set up.
  3. gpg --list-keys
    /home/arun/.gnupg/pubring.kbx
    -----------------------------
    pub   ed25519 2023-03-17 [SC]
          C1CFE92AAA33199917625FB16E03944C9957360C
    uid           [ unknown] Arun <chan0392@e.ntu.edu.sg>
    sub   cv25519 2023-03-17 [E]
    sub   ed25519 2023-07-27 [A]
    
  4. pass init C1CFE92AAA33199917625FB16E03944C9957360C
  5. Download docker-credential-pass and make sure it is in your PATH. You can create a symlink to the latest version, e.g.:
    chmod +x $HOME/.bin/docker-credential-pass-v0.8.2.linux-amd64
    ln -s $HOME/.bin/docker-credential-pass-v0.8.2.linux-amd64 $HOME/.bin/docker-credential-pass
    
  6. Overwrite $HOME/.docker/config.json to contain: {"credsStore": "pass"}
  7. Log out of all SSH/tmux sessions and log in again.
  8. docker login parodev.azurecr.io
  9. If the setup of pass failed, the login shows an error like the one below:
    Password:
    Error saving credentials: error storing credentials - err: exec: "docker-credential-pass": executable file not found in $PATH, out: 
    
  10. Otherwise the setup will succeed:
    docker login parodev.azurecr.io
    username: paro-team
    Password:
    
    sub  cv25519/B28189485F662AEB 2023-03-17 Arun C <chan0392@e.ntu.edu.sg>
     Primary key fingerprint: C1CF E92A AA33 1999 1762  5FB1 6E03 944C 9957 360C
          Subkey fingerprint: 32BF 01DC 2A45 D64B DF9A  033C B281 8948 5F66 2AEB
    
    It is NOT certain that the key belongs to the person named
    in the user ID.  If you *really* know what you are doing,
    you may answer the next question with yes.
    
    Use this key anyway? (y/N) y
    Login Succeeded
    
  11. Repeat this for other docker registries as needed.
  12. List all the stored passwords from the creds store:
    $ pass
    Password Store
    └── docker-credential-helpers
        ├── e233f64f-7528-4ae4-b36f-404be9c66037
        │   └── abcdef
        ├── 6c6be3f0-a222-417e-9733-38ffd5789bc6
        │   └── abcdef
        └── 8f6e93d4-548e-4a49-a8af-5c397db192c8
            └── myteam
    
  13. cat .docker/config.json | jq will show the content below:
    {
      "auths": {
        "service1.azurecr.io": {},
        "service2.azurecr.io": {},
        "service3.azurecr.io": {}
      },
      "credsStore": "pass"
    }
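
To check that a machine has actually reached the end state shown in step 13, the following added example (not part of the original gist or of Docker's tooling) audits a parsed config.json: it flags a missing credsStore, a helper binary that is not in PATH (the failure from step 9), and any registry entry that still carries an inline credential. The function name audit_docker_config and both sample configs are constructed for illustration; it assumes Docker's inline format, where "auth" is base64 of user:password, and is written in Python so the JSON handling does not depend on jq.

```python
import base64
import shutil


def audit_docker_config(config, which=shutil.which):
    """Return a list of findings for a parsed ~/.docker/config.json."""
    findings = []
    store = config.get("credsStore")
    if not store:
        findings.append("no credsStore set: docker login writes credentials into config.json")
    elif which(f"docker-credential-{store}") is None:
        # Same condition as the "executable file not found in $PATH" error in step 9.
        findings.append(f"helper docker-credential-{store} not found in PATH")
    for registry, entry in sorted(config.get("auths", {}).items()):
        auth = entry.get("auth")
        if auth:
            # Inline entries are base64("user:password"); report the user only.
            try:
                user = base64.b64decode(auth).decode("utf-8", "replace").split(":", 1)[0]
            except ValueError:
                user = "<undecodable>"
            findings.append(f"{registry}: inline credential for user {user!r}")
        if entry.get("identitytoken"):
            findings.append(f"{registry}: inline identity token")
    return findings


# Constructed sample inputs (not taken from a real machine).
LEGACY = {
    "auths": {
        "service1.azurecr.io": {
            "auth": base64.b64encode(b"demo-user:not-a-real-password").decode()
        },
        "service2.azurecr.io": {},
    }
}
MIGRATED = {
    "auths": {"service1.azurecr.io": {}, "service2.azurecr.io": {}},
    "credsStore": "pass",
}

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("migrated", MIGRATED)):
        print(name, audit_docker_config(cfg) or "OK")
```

To audit a real machine, pass the result of json.load() on $HOME/.docker/config.json; any registry reported with an inline credential should be logged out and logged in again after the credsStore is configured.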