Skip to content

zntrio/vault-secret-engine-docker-registry

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

cmd/vault-plugin-secrets-docker-registry

cmd/vault-plugin-secrets-docker-registry

 
 

scripts

scripts

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

backend.go

backend.go

 
 

client.go

client.go

 
 

config.go

config.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

helpers.go

helpers.go

 
 

path_config.go

path_config.go

 
 

path_creds.go

path_creds.go

 
 

path_roles.go

path_roles.go

 
 

role.go

role.go

 
 

Repository files navigation

Docker Registry - Vault Secret Engine

NOT PRODUCTION READY

Setup

Compile and test env bootstrap

make

Usage

Enable secret engine

vault secrets enable docker-registry

Setup engine authentication

vault write docker-registry/config endpoint_url=<https://auth.docker.io> username=.... password=....

Create a role

vault write docker-registry/roles/admin name=admin service=registry.docker.io scope=repository:samalba/my-app:pull,push

Request for token

$ vault read docker-registry/creds/admin
Key             Value
---             -----
access_token    eyJhbG... omitted ...
registry_url    https://auth.docker.io
scope           repository:samalba/my-app:pull,push
service         registry.docker.io
token           eyJhbG... omitted ...

Update Docker config

export REGISTRY_TOKEN=$(vault read -field token docker-registry/creds/admin)
echo '{"auths":{"registry-1.docker.io":{"registrytoken": "$REGISTRY_TOKEN"}}}' | jq -s ".[0] * .[1]" ~/.docker/config.json - > ~/.docker/config.json

About

Docker Registry secret engine for Vault

Topics

docker golang registry vault-plugins

Resources

Readme
Activity
Custom properties

Stars

4 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages