
Use DOCKER_AUTH_CONFIG env as credential store #6008


Merged
merged 1 commit into from
Jun 18, 2025


@Benehiko Benehiko commented Apr 15, 2025

This patch enables the CLI to natively pick up the DOCKER_AUTH_CONFIG
environment variable and use it as a credential store.

The DOCKER_AUTH_CONFIG value should be a JSON object and must store
the credentials in a base64 encoded string under the auth key.

Credentials stored in DOCKER_AUTH_CONFIG would take precedence over any
credential stored in the file store (~/.docker/config.json) or native store
(credential helper).

Destructive actions, such as deleting a credential would result in a noop if
found in the environment credential. Credentials found in the file or
native store would get removed.

- What I did

- How I did it

- How to verify it

```bash
printf "username:pat" | openssl base64 -A
```

Set up the DOCKER_AUTH_CONFIG environment variable

```bash
# export so that `docker run --env DOCKER_AUTH_CONFIG` below can pass it through
export DOCKER_AUTH_CONFIG='{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "aGk6KTpkY2tyX3BhdF9oZWxsbw=="
    }
  }
}'
```

```bash
docker buildx bake --set binary.platform=linux/arm64

docker run -it -v ./build/docker-linux-arm64:/bin/docker -v /var/run/docker.sock:/var/run/docker.sock --env DOCKER_AUTH_CONFIG alpine:latest /bin/ash
```

```console
/ # docker login
...
Login Succeeded
```

- Human readable description for the release notes

Use `DOCKER_AUTH_CONFIG` as a credential store

- A picture of a cute animal (not mandatory but encouraged)

@Benehiko Benehiko requested a review from Copilot April 15, 2025 05:37

@Copilot Copilot AI left a comment


Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

@codecov-commenter

codecov-commenter commented Apr 15, 2025

Codecov Report

Attention: Patch coverage is 71.42857% with 32 lines in your changes missing coverage. Please review.

Project coverage is 55.56%. Comparing base (9e50654) to head (9b83d5b).
Report is 24 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6008      +/-   ##
==========================================
+ Coverage   55.03%   55.56%   +0.52%     
==========================================
  Files         361      356       -5     
  Lines       30153    29999     -154     
==========================================
+ Hits        16596    16670      +74     
+ Misses      12599    12366     -233     
- Partials      958      963       +5     

@Benehiko Benehiko force-pushed the env-credentials-store branch 2 times, most recently from 866c70a to eb43744 Compare April 15, 2025 06:27
@Benehiko Benehiko requested review from thaJeztah and a team April 15, 2025 06:27
@Benehiko Benehiko marked this pull request as ready for review April 15, 2025 06:27
@Benehiko Benehiko force-pushed the env-credentials-store branch from e7c6f4d to b3aa07f Compare May 27, 2025 08:21
@Benehiko Benehiko force-pushed the env-credentials-store branch from de90f77 to b7770d7 Compare May 27, 2025 12:36
@Benehiko Benehiko requested a review from thaJeztah May 27, 2025 13:02
@Benehiko Benehiko force-pushed the env-credentials-store branch 2 times, most recently from d801989 to 0417f99 Compare June 3, 2025 08:19
@Benehiko Benehiko requested a review from thaJeztah June 3, 2025 08:45
@Benehiko Benehiko force-pushed the env-credentials-store branch 2 times, most recently from 5e95a08 to 63c990c Compare June 6, 2025 11:15
@Benehiko Benehiko requested a review from thaJeztah June 6, 2025 11:35

@Benehiko Benehiko force-pushed the env-credentials-store branch 3 times, most recently from 4978971 to 2d0b124 Compare June 13, 2025 07:27
@Benehiko Benehiko force-pushed the env-credentials-store branch from 2d0b124 to 5f2a40a Compare June 17, 2025 05:21
@Benehiko Benehiko requested a review from thaJeztah June 17, 2025 05:40

@vvoland vvoland left a comment


I noticed I had some pending comments

@thaJeztah thaJeztah added this to the 28.3.0 milestone Jun 17, 2025
@Benehiko Benehiko force-pushed the env-credentials-store branch from 5f2a40a to bb1bf8c Compare June 17, 2025 11:21

@thaJeztah thaJeztah left a comment


LGTM

@thaJeztah

@vvoland PTAL


@vvoland vvoland left a comment


Overall looks good, but left some comments

This patch enables the CLI to natively pick up the `DOCKER_AUTH_CONFIG`
environment variable and use it as a credential store.

The `DOCKER_AUTH_CONFIG` value should be a JSON object and must store
the credentials in a base64 encoded string under the `auth` key.
Specifying additional fields will cause the parser to fail.

For example:
`printf "username:pat" | openssl base64 -A`

`export DOCKER_AUTH_CONFIG='{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "aGk6KTpkY2tyX3BhdF9oZWxsbw=="
    }
  }
}'`

Credentials stored in `DOCKER_AUTH_CONFIG` would take precedence over any
credential stored in the file store (`~/.docker/config.json`) or native store
(credential helper).

Destructive actions, such as deleting a credential would result in a noop if
found in the environment credential. Credentials found in the file or
native store would get removed.

Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
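
An added example, not code from this pull request or from docker/cli: a strict parser for the `DOCKER_AUTH_CONFIG` shape described above (unknown fields rejected, `auth` decoded to `user:secret`), together with the environment-before-file lookup order. The names `parseEnvAuthConfig`, `credential` and `lookup` are hypothetical; the sample value is the one quoted in the PR description.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed input (sample value from the PR description); all names here are hypothetical.
const hub = "https://index.docker.io/v1/"
const sampleEnv = `{"auths":{"` + hub + `":{"auth":"aGk6KTpkY2tyX3BhdF9oZWxsbw=="}}}`

type credential struct{ Username, Secret string }

// parseEnvAuthConfig decodes a DOCKER_AUTH_CONFIG value and rejects unknown fields.
func parseEnvAuthConfig(raw string) (map[string]credential, error) {
	var cfg struct {
		Auths map[string]struct{ Auth string `json:"auth"` } `json:"auths"`
	}
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&cfg); err != nil {
		return nil, fmt.Errorf("invalid DOCKER_AUTH_CONFIG: %w", err)
	}
	out := make(map[string]credential, len(cfg.Auths))
	for registry, entry := range cfg.Auths {
		plain, err := base64.StdEncoding.DecodeString(entry.Auth)
		user, secret, ok := strings.Cut(string(plain), ":")
		if err != nil || !ok || user == "" {
			return nil, fmt.Errorf("%s: auth must be base64 of user:secret", registry)
		}
		out[registry] = credential{user, secret}
	}
	return out, nil
}

// lookup applies the stated precedence: environment first, then the file store.
func lookup(registry string, env, file map[string]credential) (credential, string, bool) {
	if c, ok := env[registry]; ok {
		return c, "env", true
	}
	c, ok := file[registry]
	return c, "file", ok
}

func main() {
	env, err := parseEnvAuthConfig(sampleEnv)
	fmt.Println(env[hub].Username, err)
}
```

The per-registry error names only the registry, so a malformed `auth` value is not copied into the message.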
@Benehiko Benehiko force-pushed the env-credentials-store branch from bb1bf8c to 9b83d5b Compare June 18, 2025 16:55
@Benehiko Benehiko requested a review from vvoland June 18, 2025 16:58

@vvoland vvoland left a comment


LGTM, thanks!

@vvoland vvoland merged commit 51025e1 into docker:master Jun 18, 2025
87 checks passed