diff --git a/docs/containers-auth.json.5.md b/docs/containers-auth.json.5.md index 592c7cdf1..4921f0135 100644 --- a/docs/containers-auth.json.5.md +++ b/docs/containers-auth.json.5.md @@ -13,8 +13,8 @@ on Windows and macOS, at `$HOME/.config/containers/auth.json` The auth.json file stores encrypted authentication information for the user to container image registries. The file can have zero to many entries and -is created by a `login` command from a container tool such as `podman login` or -`buildah login`. Each entry includes the name of the registry and then an auth +is created by a `login` command from a container tool such as `podman login`, +`buildah login` or `skopeo login`. Each entry includes the name of the registry and then an auth token in the form of a base64 encoded string from the concatenation of the username, a colon, and the password. @@ -37,8 +37,28 @@ their accounts on quay.io and docker.io: An entry can be removed by using a `logout` command from a container tool such as `podman logout` or `buildah logout`. +In addition, credential helpers can be configured for specific registries and the credentials-helper +software can be used to manage the credentials in a more secure way than depending on the base64 encoded authentication +provided by `login`. If the credential helpers are configured for specific registries, the base64 encoded authentication will not be used +for operations concerning credentials of the specified registries. + +When the credential helper is in use on a Linux platform, the auth.json file would contain keys that specify the registry domain, and values that specify the suffix of the program to use (i.e. everything after docker-credential-). For example: + +``` +{ + "auths": { + "localhost:5001": {} + }, + "credHelpers": { + "registry.example.com": "secretservice" + } +} +``` + +For more information on credential helpers, please reference the [GitHub docker-credential-helpers project](https://github.com/docker/docker-credential-helpers/releases). + # SEE ALSO - buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1) + buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1), skopeo-login(1), skopeo-logout(1) # HISTORY Feb 2020, Originally compiled by Tom Sweeney