Skip to content

cli/registry/login: Add the --password-env flag #5971

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
octo opened this issue Mar 31, 2025 · 0 comments · May be fixed by #5972
Open

cli/registry/login: Add the --password-env flag #5971

octo opened this issue Mar 31, 2025 · 0 comments · May be fixed by #5972
Labels
kind/feature status/0-triage

Comments

@octo
Copy link

octo commented Mar 31, 2025

Description

Add support for providing registry passwords via environment variables, which is particularly useful in CI pipelines. For example, GitLab stores registry passwords in the CI_REGISTRY_PASSWORD environment variable.

With the --password-env flag, authenticating to a registry is as simple as:

docker login --username "${CI_REGISTRY_USER}" --password-env "CI_REGISTRY_PASSWORD" "${CI_REGISTRY}"

Alternatives Considered

  • Using docker login -p "${VAR}" with warning suppression

    • Shell history concerns don't apply with variable substitution
    • Tokens are often short-lived, reducing security concerns
    • Could introduce a way to suppress warnings via environment variables

  • Passing passwords via STDIN (current recommended method):

    echo "${CI_REGISTRY_PASSWORD}" | docker login --username "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"

    Avoids warnings but adds complexity to command chains
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature status/0-triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

cli/registry/login: Add the --password-env flag octo/docker-cli
1 participant
@octo