Setup credential store for Docker login
how to setup the credential store for docker login
By default Docker login will store all the sensitive password in to ~/.docker/config, and form the console, it raise a warning like:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
When I follow the referring document, it seems not that clear for me to finish the setup, I created this article to record the detailed step for that.
Here is the tools that we need in this article:
- GnuPG, you can refer my previous link to know how to backup/restore the GPG keys
- pass
- docker-credential-helper you should select the pass version
We will remove all the store related configuration files to get start.
rm -rf ~/.password-store
config pass
pass init "your-gpg-key-email"
all the pass data is in ~/.password-store
setup the docker-credential-pass
You need to have the docker-crendetial-pass in path
tar xvzf docker-credential-pass-v0.6.4-amd64.tar.gz
mkdir ~/bin/
mv docker-crendential-pass ~/bin
# add in ~/.bashrc
export PATH=/home/kelvin/bin:$PATH:
# initialize the pass
pass insert docker-credential-helpers/docker-pass-initialized-check
# show the pass
pass show docker-credential-helpers/docker-pass-initialized-check
# check the store
docker-credential-pass list
#{}
setup docker
remove the existed ~/.docker/config.json, create a new one:
add
{
"credsStore": "pass"
}
in ~/.docker/config.json.
docker logout
docker login -U usernmae docker-registry-server-url
now all the password is stored in credential store.
docker-credential-pass list
{
"docker-registry-server-url:6050":"deploy-key-user",
}