DEV Community

G.L Solaria
G.L Solaria

Posted on • Edited on

Storing DockerHub Credentials using Pass on Ubuntu 18.04

I wanted to pull a Docker image from DockerHub. To do so, I first created a DockerHub account. Once that was done I could run:

docker login # Enter your credentials
Enter fullscreen mode Exit fullscreen mode

By default, however, it stored my login credentials unencrypted.

To store my credentials securely, Docker supports interfacing with a password manager.

For Linux, Docker supports Pass. I initialised Pass to use git as its storage. I didn't have to initialise Pass to store passwords in a git repo though. But I think it is a good idea if you need to share secrets among team members.

To use Pass, I first needed to create a GPG key pair. This will ensure I can sign my work and allows others to verify the authenticity of work that is signed by me.

$ sudo apt install pass   # Install Pass
$ gpg --full-generate-key # Create public-private key
$ pass git init <public key>
Enter fullscreen mode Exit fullscreen mode

To bridge between Docker and Pass, I needed to use docker-credential-pass. Now I am less than impressed that docker-credential-pass doesn't come with a GPG signature. I am really surprised no one has kicked up a fuss about that. Perhaps there is a way to verify the download but I can't work it out.

$ mkdir ~/bin; cd ~/bin
$ echo 'export PATH=$PATH:~/bin' >> ~/.bashrc
$ wget https://github.com/docker/docker-credential-helpers/releases/download/v0.6.3/docker-credential-pass-v0.6.3-amd64.tar.gz
$ tar xvzf docker-credential-pass-v0.6.3-amd64.tar.gz
$ chmod a+x docker-credential-pass
$ mkdir ~/.docker
$ echo '{ "credsStore": "pass" }' > ~/.docker/config.json
$ pass insert docker-credential-helpers/docker-pass-initialized-check
$ # Set the password to: pass is initialized
$ docker login # Which will now store credentials in Pass
$ docker pull ubuntu:18.04
Enter fullscreen mode Exit fullscreen mode

The end.

Top comments (1)

Collapse
 
lesegogomolemo profile image
Lesego Mabe

I've followed your guide and making our own bin folder didn't work, instead copying 'docker-credential-pass' to /bin worked.

Also, there is a spelling error, it's supposed to be "credsStore" instead of "credStore."

In addition, "pass git init " didn't work for me either. What worked was first "pass init ", then "pass git init." I could be wrong, but I struggled with it and that's the path that worked out for me.

Thanks very much for the guide! It was very helpful.