I wanted to pull a Docker image from DockerHub. To do so, I first created a DockerHub account. Once that was done I could run:
docker login # Enter your credentials
By default, however, it stored my login credentials unencrypted.
To store my credentials securely, Docker supports interfacing with a password manager.
For Linux, Docker supports Pass. I initialised Pass to use git as its storage. I didn't have to initialise Pass to store passwords in a git repo though. But I think it is a good idea if you need to share secrets among team members.
To use Pass, I first needed to create a GPG key pair. This will ensure I can sign my work and allows others to verify the authenticity of work that is signed by me.
$ sudo apt install pass # Install Pass
$ gpg --full-generate-key # Create public-private key
$ pass git init <public key>
To bridge between Docker and Pass, I needed to use docker-credential-pass. Now I am less than impressed that docker-credential-pass doesn't come with a GPG signature. I am really surprised no one has kicked up a fuss about that. Perhaps there is a way to verify the download but I can't work it out.
$ mkdir ~/bin; cd ~/bin
$ echo 'export PATH=$PATH:~/bin' >> ~/.bashrc
$ wget https://github.com/docker/docker-credential-helpers/releases/download/v0.6.3/docker-credential-pass-v0.6.3-amd64.tar.gz
$ tar xvzf docker-credential-pass-v0.6.3-amd64.tar.gz
$ chmod a+x docker-credential-pass
$ mkdir ~/.docker
$ echo '{ "credsStore": "pass" }' > ~/.docker/config.json
$ pass insert docker-credential-helpers/docker-pass-initialized-check
$ # Set the password to: pass is initialized
$ docker login # Which will now store credentials in Pass
$ docker pull ubuntu:18.04
The end.
Top comments (1)
I've followed your guide and making our own bin folder didn't work, instead copying 'docker-credential-pass' to /bin worked.
Also, there is a spelling error, it's supposed to be "credsStore" instead of "credStore."
In addition, "pass git init " didn't work for me either. What worked was first "pass init ", then "pass git init." I could be wrong, but I struggled with it and that's the path that worked out for me.
Thanks very much for the guide! It was very helpful.