Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Push docker image to private registry (ACR): "Your password will be stored unencrypted"

Hi all,

I'm using bitbucket pipeline to build and push images to a private Docker registry (ACR):

- echo ${AZURE_PASSWORD} | docker login $AZURE_ACR_URL --username "$AZURE_APP_ID" --password-stdin 
- docker push "${IMAGE}:${VERSION}"

It is working, but there is following statement shown in the logs:

WARNING! Your password will be stored unencrypted in /root/.docker/config.json. 
Configure a credential helper to remove this warning.

I'm using the standard Atlassian template for the docker registry login and I'm wondering, if the whole process is secure? 

Or is it not relevant, because the credentials are just stored temporarly unencrypted within the runtime container of the building step and after the execution, the container shuts down and credentials are gone anyway?

Thanks for any feedback :)

2 answers

1 accepted

0 votes
Answer accepted
Mark C
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Aug 17, 2021

Hi @koanplaned ,

Welcome to the Community.

This is actually the default behavior where Docker stores the login password unencrypted in /root/.docker/config.json.

That's correct. Pipelines stores your credential temporarily within the runtime container/pod when you build a step.
However, after the execution, the container/pod will be shut down along with your stored credentials.

As a good practice, just always make sure you're using secured environment variables for your credentials.
This way, your credentials will not be visible on Pipelines UI logs.

Do let me if you have further questions that I can help with.

Mark C

Hi @Mark C

thank you very much for your answer, that helped me to understand the whole process.

Hi koanplaned, I know this is an old thread, but any pointers you could give me about using ACR for building and storing my image using 'bitbucket-pipelines.yml'



Bo Christensen

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events