Use Pass As Secret Store For Docker Registry
- Download “docker-credential-pass”: https://github.com/docker/docker-credential-helpers/releases/
- Unpack it:
tar -xvf docker-credential-pass-v0.6.3-amd64.tar.gz
- Copy the unpacked file to the /usr/bin directory.
- Set execution permission:
chmod +x /usr/bin/docker-credential-pass
- Check that docker-credential-pass works. To do this, run the command docker-credential-pass. You should see: “Usage: docker-credential-pass <store get erase list version>”.
- Install gpg and pass:
sudo yum install gpg pass
- Run gpg --generate-key and enter your name, mail, etc. You will get a gpg-id like “5BB54DF1XXXXXXXXF87XXXXXXXXXXXXXX945A”. Copy it to the clipboard. To show the GPG key id:
gpg --list-secret-keys --keyid-format LONG
If entropy is needed, run the following command, which reads the disk to generate activity and discards the data:
sudo dd if=/dev/sda of=/dev/zero
Or install the program haveged:
sudo apt install haveged
- pass init (paste the gpg-id from the clipboard)
- pass insert docker-credential-helpers/docker-pass-initialized-check
and set the password to “pass is initialized” (without quotes).
- pass show docker-credential-helpers/docker-pass-initialized-check. You should see pass is initialized.
- docker-credential-pass list. You should see {} or other data. You shouldn't see an error like “pass store is uninitialized”.
- vim ~/.docker/config.json. In the root node, set the line "credsStore": "pass" and save (ctrl+o).
- After that, run docker login, etc.
- Run
export GPG_TTY=$(tty)
- Add the lines in .bashrc or .zshrc:
export GPG_TTY=`tty`
gpg-connect-agent updatestartuptty /bye
gpg-connect-agent reloadagent /bye
clear
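
A check for the result of the steps above, as an added example that is not part of the original page: it parses ~/.docker/config.json and reports when credsStore is not pass, when a credHelpers entry overrides it, or when an auths entry still holds an inline base64 auth value from a login made before the switch. The sample config, registry name and credentials are constructed.

```python
import base64
import binascii
import json

# Constructed sample: config.json after switching to pass while an older
# login is still stored inline (registry name and credentials are made up).
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "registry.example.com": {"auth": base64.b64encode(b"alice:s3cret").decode()},
        "https://index.docker.io/v1/": {},
    },
    "credsStore": "pass",
})


def audit_docker_config(text):
    """Return a list of findings for the contents of ~/.docker/config.json."""
    cfg = json.loads(text)
    findings = []
    if cfg.get("credsStore") != "pass":
        findings.append(f"credsStore is {cfg.get('credsStore')!r}, expected 'pass'")
    # credHelpers takes precedence over credsStore for the registries it names.
    for registry, helper in cfg.get("credHelpers", {}).items():
        if helper != "pass":
            findings.append(f"{registry}: credHelpers uses {helper!r}, not pass")
    for registry, entry in cfg.get("auths", {}).items():
        # With a credential store, docker login leaves an empty object here.
        # A non-empty "auth" is base64("user:password"): encoded, not encrypted.
        auth = entry.get("auth")
        if not auth:
            continue
        try:
            user = base64.b64decode(auth).decode(errors="replace").split(":", 1)[0]
        except (binascii.Error, ValueError):
            user = "<undecodable>"
        findings.append(f"{registry}: inline credentials for user {user!r}; "
                        "docker logout, then docker login again")
    return findings


if __name__ == "__main__":
    import os
    import sys
    default = os.path.expanduser("~/.docker/config.json")
    with open(sys.argv[1] if len(sys.argv) > 1 else default) as fh:
        problems = audit_docker_config(fh.read())
    for line in problems:
        print("WARN", line)
    sys.exit(1 if problems else 0)
```
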