Hi all,
I'm using bitbucket pipeline to build and push images to a private Docker registry (ACR):
- echo ${AZURE_PASSWORD} | docker login $AZURE_ACR_URL --username "$AZURE_APP_ID" --password-stdin
- docker push "${IMAGE}:${VERSION}"
It is working, but there is following statement shown in the logs:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning.
See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
I'm using the standard Atlassian template for the docker registry login and I'm wondering, if the whole process is secure?
Or is it not relevant, because the credentials are just stored temporarly unencrypted within the runtime container of the building step and after the execution, the container shuts down and credentials are gone anyway?
Thanks for any feedback :)
Hi @koanplaned ,
Welcome to the Community.
This is actually the default behavior where Docker stores the login password unencrypted in /root/.docker/config.json.
That's correct. Pipelines stores your credential temporarily within the runtime container/pod when you build a step.
However, after the execution, the container/pod will be shut down along with your stored credentials.
As a good practice, just always make sure you're using secured environment variables for your credentials.
This way, your credentials will not be visible on Pipelines UI logs.
Do let me if you have further questions that I can help with.
Regards,
Mark C
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi koanplaned, I know this is an old thread, but any pointers you could give me about using ACR for building and storing my image using 'bitbucket-pipelines.yml'
Regards
Bo Christensen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.