Push docker image to private registry (ACR): "Your password will be stored unencrypted"

koanplaned August 12, 2021

Hi all,

I'm using bitbucket pipeline to build and push images to a private Docker registry (ACR):

- echo ${AZURE_PASSWORD} | docker login $AZURE_ACR_URL --username "$AZURE_APP_ID" --password-stdin 
- docker push "${IMAGE}:${VERSION}"

It is working, but there is following statement shown in the logs:

WARNING! Your password will be stored unencrypted in /root/.docker/config.json. 
Configure a credential helper to remove this warning.
See https://docs.docker.com/engine/reference/commandline/login/#credentials-store

I'm using the standard Atlassian template for the docker registry login and I'm wondering, if the whole process is secure? 

Or is it not relevant, because the credentials are just stored temporarly unencrypted within the runtime container of the building step and after the execution, the container shuts down and credentials are gone anyway?

Thanks for any feedback :)

2 answers

1 accepted

1 vote
Answer accepted
Mark C
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 17, 2021

Hi @koanplaned ,

Welcome to the Community.

This is actually the default behavior where Docker stores the login password unencrypted in /root/.docker/config.json.

That's correct. Pipelines stores your credential temporarily within the runtime container/pod when you build a step.
However, after the execution, the container/pod will be shut down along with your stored credentials.

As a good practice, just always make sure you're using secured environment variables for your credentials.
This way, your credentials will not be visible on Pipelines UI logs.

Do let me if you have further questions that I can help with.

Regards,
Mark C

koanplaned August 30, 2021

Hi @Mark C

thank you very much for your answer, that helped me to understand the whole process.

0 votes
Bo Christensen March 17, 2023

Hi koanplaned, I know this is an old thread, but any pointers you could give me about using ACR for building and storing my image using 'bitbucket-pipelines.yml'

 

Regards

Bo Christensen

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events