DEV Community

G.L Solaria
G.L Solaria

Posted on • Updated on

Storing DockerHub Credentials using Pass on Ubuntu 18.04

I wanted to pull a Docker image from DockerHub. To do so, I first created a DockerHub account. Once that was done I could run:

docker login # Enter your credentials

By default, however, it stored my login credentials unencrypted.

To store my credentials securely, Docker supports interfacing with a password manager.

For Linux, Docker supports Pass. I initialised Pass to use git as its storage. I didn't have to initialise Pass to store passwords in a git repo though. But I think it is a good idea if you need to share secrets among team members.

To use Pass, I first needed to create a GPG key pair. This will ensure I can sign my work and allows others to verify the authenticity of work that is signed by me.

$ sudo apt install pass   # Install Pass
$ gpg --full-generate-key # Create public-private key
$ pass git init <public key>

To bridge between Docker and Pass, I needed to use docker-credential-pass. Now I am less than impressed that docker-credential-pass doesn't come with a GPG signature. I am really surprised no one has kicked up a fuss about that. Perhaps there is a way to verify the download but I can't work it out.

$ mkdir ~/bin; cd ~/bin
$ echo 'export PATH=$PATH:~/bin' >> ~/.bashrc
$ wget
$ tar xvzf docker-credential-pass-v0.6.3-amd64.tar.gz
$ chmod a+x docker-credential-pass
$ mkdir ~/.docker
$ echo '{ "credsStore": "pass" }' > ~/.docker/config.json
$ pass insert docker-credential-helpers/docker-pass-initialized-check
$ # Set the password to: pass is initialized
$ docker login # Which will now store credentials in Pass
$ docker pull ubuntu:18.04

The end.

Discussion (1)

lesegogomolemo profile image
Lesego Mabe

I've followed your guide and making our own bin folder didn't work, instead copying 'docker-credential-pass' to /bin worked.

Also, there is a spelling error, it's supposed to be "credsStore" instead of "credStore."

In addition, "pass git init " didn't work for me either. What worked was first "pass init ", then "pass git init." I could be wrong, but I struggled with it and that's the path that worked out for me.

Thanks very much for the guide! It was very helpful.