docker always restores credStore desktop

[stefanloerwald]

I don't want to use the default credStore "desktop" on my development machine. The issue docker/docker-credential-helpers#95 guides me to set the credStore/credsStore value to "" instead of "desktop", but it doesn't seem to have any effect while docker is running. Restarting docker will reset this value to "desktop".

Please fix this.

[docker-robott]

Issues go stale after 90 days of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30 days of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[stefanloerwald]

/remove-lifecycle stale
This is still very much a thing, as far as I know. It would be great if the maintainers of docker didn't simply solve issues by ignoring them for long enough...

[gostega]

Would be nice to be able to use the windows credential store similar to how git does it: git config --global credential.helper "/mnt/c/Program\ Files/Git/mingw64/libexec/git-core/git-credential-manager.exe"

[gostega]

/remove-lifecycle stale

[TalonLaurens]

Facing the exact same issue on Windows 10 (WSL2). I can not use private hosted containers because of this issue...

[0x53A]

The windows credentials store does not work for us, because our build script runs elevated: docker/cli#2682 (comment)

It turns out you cannot Docker login via an elevated shell depending on your environment as it appears the credentials don't get passed through

It works when I manually remove the credStore from my config.json file, but on the next docker restart docker will replace it with desktop again.

Please either fix the bug that elevated shells can't login, or that credStore gets reset. Either would be fine, preferably both ...

[ronbuchanan]

Having the same issue. Resets the credStore to desktop every time a restart happens.

[gostega]

This no longer happens to me (I work on multiple windows PCs with WSL 2, and change computers often (reformat windows or get new PC so have to set up everything from scratch again)
If it helps anyone, here is the content of my docker config.json in WSL

$ cat ~/.docker/config.json 
{
        "auths": {
                "gitlab.redacted.com": {},
                "gitlab.redacted.com:4567": {}
        },
        "credsStore": "desktop.exe"
}

I recommend anyone having issues to completely uninstall docker, (or try use the purge option in docker first) and/or remove WSL then reinstall WSL, and make sure you enable WSL2, then reinstall docker, and enable docker integration with WSL (inside the Docker desktop settings). After doing the above, docker in WSL uses Windows credential manager and works fine.

[ErnstHaagsman]

I just faced this issue, and found a workaround:

First edit config.json, then go to its file permissions, and deny 'Write' to all users. Then when restarting the Docker engine it actually seems to use what's in the file.

[adrianlyons]

I tried a similar write protect approach however docker crashed on start...

[sliekens]

Why don't you want to use the credentials store? Renaming or removing "credStore" makes it significantly easier to steal your credentials, which are then stored in plaintext...

[stefanloerwald]

Stolen credentials are not a concern in my use case, as there are no sensitive credentials stored (placeholder credentials in a dev environment). I wanted to share the credentials with a set of containers, without having to configure more than the path to the credential config file. Within the container context, the credStore is not available, so auth just fails.

[0x53A]

@StevenLiekens

Why don't you want to use the credentials store? Renaming or removing "credStore" makes it significantly easier to steal your credentials, which are then stored in plaintext...

---

The windows credentials store does not work for us, because our build script runs elevated: docker/cli#2682 (comment)

It turns out you cannot Docker login via an elevated shell depending on your environment as it appears the credentials don't get passed through

It works when I manually remove the credStore from my config.json file, but on the next docker restart docker will replace it with desktop again.

Please either fix the bug that elevated shells can't login, or that credStore gets reset. Either would be fine, preferably both ...

---

And from a philosophical standpoint, the software should do what I tell it to, not the other way around. Why is there a config file if you're just gonna ignore and overwrite it yourself?