DEV Community

Mario García
Mario García

Posted on • Updated on

Docker: Setting Up a Credential Helper

If you're using Docker from the command line, you can sign in to your Docker Hub account with the following command:



$ docker login


Enter fullscreen mode Exit fullscreen mode

You have to provide your username and password. If you have 2FA enabled, you must create a token to be used as password for logging.

Authentication details are stored in the ~/.docker/config.json file.

The file will store the credentials in plain text and it will look like this:



{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="
    }
  }
}


Enter fullscreen mode Exit fullscreen mode

The file uses base64 to encode authentication details. For example, if you decode the value of auth, you will get:



$ echo -n 'dXNlcm5hbWU6cGFzc3dvcmQ=' | base64 --decode
username:password


Enter fullscreen mode Exit fullscreen mode

In that case, a more secure way to manage your credentials will be using a credential helper.

These are the available programs that can be used to configure a credential helper:

  • osxkeychain: Provides a helper to use the OS X keychain as credentials store.
  • secretservice: Provides a helper to use the D-Bus secret service as credentials store.
  • wincred: Provides a helper to use Windows credentials manager as store.
  • pass: Provides a helper to use pass as credentials store.

On Linux, you can use secretservice. To install it run the following commands:



wget -O docker-credential-secretservice https://github.com/docker/docker-credential-helpers/releases/download/v0.8.0/docker-credential-secretservice-v0.8.0.linux-amd64
chmod +x docker-credential-secretservice
sudo mv docker-credential-secretservice /usr/local/bin/


Enter fullscreen mode Exit fullscreen mode

Then set the credsStore option in your ~/.docker/config.json file:



sed -i '0,/{/s/{/{\n\t"credsStore": "secretservice",/' ~/.docker/config.json


Enter fullscreen mode Exit fullscreen mode

Logout:



docker logout


Enter fullscreen mode Exit fullscreen mode

Credentials are removed from the ~/.docker/config.json file.

And login again:



docker login


Enter fullscreen mode Exit fullscreen mode

It will ask you for your username and password again, but this time the ~/.docker/config.json file will have the following content:



{
  "auths": {
    "https://index.docker.io/v1/": {}
  },
  "credsStore": "secretservice"
}


Enter fullscreen mode Exit fullscreen mode

When running Docker Desktop, a credential helper is provided, and you don't need to configure one manually. The ~/.docker/config.json file, in Windows, has the following content:



{
  "auths": {
    "https://index.docker.io/v1/": {}
  },
  "credsStore": "desktop.exe"
}


Enter fullscreen mode Exit fullscreen mode

Now you can manage your credentials in a more secure way.


Support me on Buy Me A Coffee

Top comments (1)

Collapse
 
osalumense profile image
Stephen Akugbe

Thank you very much, the last line just saved me hours of work trying to configure my docker config on my WIndows machine. I truly appreciate