Docker Registry Auth

[ahjohannessen]

Is it possible to configure a credentials file for podman to use. Similar to how docker auth can be configured:

    config {
        auth {
            config = "/path/to/docker/creds/file"
        }
    }

containing something like:

{
	"auths": {
		"docker.io": {
			"auth": "erfi7sYi89234xJUqaqxgmzcnQ2rRFWM5aJX0EC="
		},
		"quay.io": {
			"auth": "juQAqGmz5eR1ipzx8Evn6KGdw8fEa1w5MWczmgY="
		}
	}
}

podman itself supports --authfile=path and REGISTRY_AUTH_FILE env, it seems.

[towe75]

@ahjohannessen please see also issue #71

You can certainly configure the authentication directly on your host. See documentation at https://github.com/containers/image/blob/main/docs/containers-auth.json.5.md

It's for now not possible to manage this file directly from nomad-driver-podman.

[ahjohannessen]

You can certainly configure the authentication directly on your host.

I was trying to avoid that :/

It's for now not possible to manage this file directly from nomad-driver-podman.

Any plans on updating the auth configuration to allow for a config path like docker?

[jamjon3]

I was just looking for that as I'm using the docker driver and getting ready to switch over to the podman driver on my RHEL8 systems. I put that in the /opt/nomad/auth folder and just point to it for docker:

  config {
    auth {
      config = "/opt/nomad/auth/registryauth.json"
    }
    volumes {
      enabled      = true
      selinuxlabel = "z"
    }    
  }
}

I'd much rather not put passwords in this file _if_ at all possible.

[shoenig]

I think implementing support for creds like the docker driver should be possible now? At least the docker pull API supports identity tokens, https://docs.podman.io/en/latest/_static/api.html#tag/images/operation/ImagePullLibpod

base-64 encoded auth config. Must include the following four values: username, password, email and server address OR simply just an identity token.

I'll take a look into making it work.