Pulling images from private repositories

[uniqueg]

Currently, the specs do not provide for a way to pass secrets to pull a container image from a private repository.

This was requested by the Czech and Greek ELIXIR nodes, see here: https://docs.google.com/spreadsheets/d/1vBFhBQ-nFqhSL5dLjQfOWO6x9BzmV9x6l18p9GYRZdQ/edit#gid=0

Contacts: @xhejtman, @viktoriaas, @zagganas & @vergoulis

[kellrott]

Would this be something that could be covered by the addition of https://www.ga4gh.org/ga4gh-passports/ to the spec?

[uniqueg]

Possibly, not sure. From how I understand Passport, it's rather for cases where some authority asserts your permissions to access some resource. While the described use case might in principle fit in this setting, I think the more common route is that users get their own access tokens/credentials from container registries. And I don't think Passport is designed to be a general purpose passbook that would allow users to store their own credentials.

I think we should raise this issue in Cloud WS & Passport, because I think it is both an important and reasonably common use case. What do you think, @jb-adams?