Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docker-credential-pass does not work at all #118

Open
TacticalCode opened this issue Jul 19, 2018 · 11 comments
Open

docker-credential-pass does not work at all #118

TacticalCode opened this issue Jul 19, 2018 · 11 comments

Comments

@TacticalCode
Copy link

I've followed the setup instructions for pass from #102
When I use docker login now:

~# docker login my.private.reg:5050
error getting credentials - err: exit status 1, out: `error fetching password during initialization: exit status 2: gpg: decryption failed: No secret key`
~# docker-credential-pass list
{"my.private.reg:5050":"dransfeld@company.org"}
~# pass show docker-credential-helpers/docker-pass-initialized-check
test123
~# docker login my.private.reg:5050
Username (dransfeld@company.org):
Password:
Error: Password Required

As you can see, first docker-credential-pass is unable to open the password store failing with gpg: decryption failed: No secret key, whereas pass show <some-entry> will prompt for the gpg key passphrase.

Even when gpg-agent(?) has cached the private key allowing to access the password store without the passphrase, docker login pre-fills my username, but I still have to enter the registry password.

I've verified my private key is present in GPG and has the same ID as ~/.password-store/.gpg-id
Also, I've verified pass has stored the correct password in docker-credential-helpers/bXkucHJpdmF0ZS5yZWc6NTA1MAo\=/dransfeld@company.org and the subfolder is the registry's base64-encoded URI.

My ~/.docker/config.json:

{
	"HttpHeaders": {
			"User-Agent": "Docker-Client/18.03.1-ce (linux)"
	},
	"credsStore": "pass"
}

docker-credential-pass version: 0.6.0
GPG version: 2.2.4-1ubuntu1.1
pass version: v1.7.1
Docker version: 18.03.1-ce
OS: Ubuntu 18.04 x64 server

Expected behavior
I expected no password prompt and a successful login to my.private.reg:5050 (or just the gpg passphrase prompt from pass) when running docker login

Observed behavior
No prompt for GPG passphrase, prompt for registry password

What's wrong with my setup?
@eyJhb
Copy link
Contributor

eyJhb commented Sep 23, 2018

Weird bug, can you try out #124, and see if that fixes your problem?

@javabrett
Copy link

OK here's another essential tip if you find your pass repo constantly corrupted by incomplete docker-pass-initialized-check:

export GPG_TTY=$(tty)

... so that gpg properly prompts for key passphrase, assuming you have one.

@daili0802
Copy link

I'm experiencing same issue, and I have no GPG passphrase set. Wondering if OP found an solution?

@albertmundu
Copy link

OK here's another essential tip if you find your pass repo constantly corrupted by incomplete docker-pass-initialized-check:

export GPG_TTY=$(tty)

... so that gpg properly prompts for key passphrase, assuming you have one.

This really worked for me after banging my head to the wall for the whole day.

@pbrilius
Copy link

OK here's another essential tip if you find your pass repo constantly corrupted by incomplete docker-pass-initialized-check:

export GPG_TTY=$(tty)

... so that gpg properly prompts for key passphrase, assuming you have one.

Perfect response, thank you for swift reaction ;)

@tjanez tjanez mentioned this issue Feb 3, 2021
Open
@noraj noraj mentioned this issue Mar 5, 2022
Closed
@noraj
Copy link

noraj commented Mar 5, 2022

Same as OP but it a docker-compose up that pull images from ghcr.io that fails rather than docker.login.

@imjavierpalma
Copy link

OK here's another essential tip if you find your pass repo constantly corrupted by incomplete docker-pass-initialized-check:

export GPG_TTY=$(tty)

... so that gpg properly prompts for key passphrase, assuming you have one.

OK here's another essential tip if you find your pass repo constantly corrupted by incomplete docker-pass-initialized-check:

export GPG_TTY=$(tty)

... so that gpg properly prompts for key passphrase, assuming you have one.

Excellent solution! It worked for me too.

@estevaopbs
Copy link

It worked perfectly here

OK here's another essential tip if you find your pass repo constantly corrupted by incomplete docker-pass-initialized-check:

export GPG_TTY=$(tty)

... so that gpg properly prompts for key passphrase, assuming you have one.

@jkossis
Copy link

jkossis commented Jan 10, 2023

Same as OP but it a docker-compose up that pull images from ghcr.io that fails rather than docker.login.

@noraj did you ever figure this out? I am seeing the same thing when docker compose goes to pull the images.

@wartek69
Copy link

Same as OP but it a docker-compose up that pull images from ghcr.io that fails rather than docker.login.

@noraj did you ever figure this out? I am seeing the same thing when docker compose goes to pull the images.

Same issue here. The export GPG_TTY=$(tty) seems to solve the issue by presenting a prompt, but it does not seem like a good solution for me since I want to script the docker pull through ansible.

@AndreasNasman AndreasNasman mentioned this issue Feb 7, 2023
Open
@pfirsich
Copy link

pfirsich commented May 2, 2023

Considering there is no way to use docker-credential-pass (and therefore docker) if no X server is available and you do not pass this environment variable, should docker-credential-pass add this variable to the environment when executing pass? Of course only if the STDIN of docker-credential-pass is a tty.

@nicks nicks mentioned this issue Oct 16, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests