Wyrd sisters

Docker credential helpers

by Ty Myrddin

Published on April 18, 2022

Sign in to docker hub and create an Access Token by going to Settings -> Security -> New Access Token. Below on that page one discovers the possibility of setting up Two-factor authentication. Might as well.

Try to login to DockerHub on the command line, only to discover that credentials are stored openly in the Docker configuration file. Recommended is a credential helper.

First, logout again!

Install pass

    $ sudo apt install pass

Generate a GnuPG key pair:

    $ gpg --full-generate-key

Initialise pass:

    $ pass init [public-key]

Install Docker credential helpers

    $ mkdir ~/bin; cd ~/bin
    $ echo 'export PATH=$PATH:~/bin' >> ~/.bashrc
    $ wget https://github.com/docker/docker-credential-helpers/releases/download/v0.6.4/docker-credential-pass-v0.6.4-amd64.tar.gz
    $ tar xvzf docker-credential-pass-v0.6.4-amd64.tar.gz
    $ chmod a+x docker-credential-pass

The credentials store needs to be specified in $HOME/.docker/config.json for the docker engine to use it.

    $ echo '{ "credsStore": "pass" }' > ~/.docker/config.json

And insert. Enter the generated public key (twice):

    $ pass insert docker-credential-helpers/docker-pass-initialized-check
    Enter password for docker-credential-helpers/docker-pass-initialized-check:
    Retype password for docker-credential-helpers/docker-pass-initialized-check:

The docker login command is now supposed to now store the Access Token credentials in pass instead of in base64 encoding in the config file.

WHERE'S MY COW?! Wyrd Sisters