forked from containers/image
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add documentation for credHelper. Close containers/podman#1675 Signed-off-by: Qi Wang <[email protected]>
- Loading branch information
Showing
1 changed file
with
23 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -13,8 +13,8 @@ on Windows and macOS, at `$HOME/.config/containers/auth.json` | |
|
|
||
| The auth.json file stores encrypted authentication information for the | ||
| user to container image registries. The file can have zero to many entries and | ||
| is created by a `login` command from a container tool such as `podman login` or | ||
| `buildah login`. Each entry includes the name of the registry and then an auth | ||
| is created by a `login` command from a container tool such as `podman login`, | ||
| `buildah login` or `skopeo login`. Each entry includes the name of the registry and then an auth | ||
| token in the form of a base64 encoded string from the concatenation of the | ||
| username, a colon, and the password. | ||
|
|
||
|
|
@@ -37,8 +37,28 @@ their accounts on quay.io and docker.io: | |
| An entry can be removed by using a `logout` command from a container | ||
| tool such as `podman logout` or `buildah logout`. | ||
|
|
||
| In addition, credential helpers can be configured for specific registries and the credentials-helper | ||
| software can be used to manage the credentials in a more secure way than depending on the base64 encoded authentication | ||
| provided by `login`. If the credential helpers are configured for specific registries, the base64 encoded will not be used | ||
| for operations concerning credentials of the specified registries. | ||
|
|
||
| When the credential helper is in use on a Linux platform, the auth.json file would contain keys that specify the registry domain, and values that specify the suffix of the program to use (i.e. everything after docker-credential-). For example: | ||
|
|
||
| ``` | ||
| { | ||
| "auths": { | ||
| "localhost:5001": {} | ||
| }, | ||
| "credHelpers": { | ||
| "registry.example.com": "secretservice" | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| For more information on credential helpers, please reference the [GitHub docker-credential-helpers project](https://github.com/docker/docker-credential-helpers/releases). | ||
|
|
||
| # SEE ALSO | ||
| buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1) | ||
| buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1), skopeo-login(1), skopeo-logout(1) | ||
|
|
||
| # HISTORY | ||
| Feb 2020, Originally compiled by Tom Sweeney <[email protected]> | ||