basecamp
Dockerfile: Include CLI binaries for supported password managers
Towards https://github.com/basecamp/kamal/issues/1065
Changes
- Update
Dockerfileby including CLI binaries for supported password managers (currently 1Password, LastPass, and Bitwarden)
Image size impact: +114MB
Before:
docker pull ghcr.io/basecamp/kamal:latest
docker images ghcr.io/basecamp/kamal:latest
REPOSITORY TAG IMAGE ID CREATED SIZE
ghcr.io/basecamp/kamal latest 2c8810e720d9 36 hours ago 674MB
After:
> docker pull ptuladhar/kamal:latest
> docker images ptuladhar/kamal:latest
REPOSITORY TAG IMAGE ID CREATED SIZE
ptuladhar/kamal latest 690384d22c81 32 minutes ago 788MB
Versions:
docker run -it --entrypoint sh ptuladhar/kamal:latest
/workdir # lpass --version
LastPass CLI v1.3.3.GIT
/workdir # op --version
2.30.0
/workdir # bw --version
Could not find dir, "/root/.config/Bitwarden CLI"; creating it instead.
Could not find data file, "/root/.config/Bitwarden CLI/data.json"; creating it instead.
2024.9.0
Idea:
- Maybe, move this enhance to
Dockerfile.extendedand publish the image separately asdocker pull ghcr.io/basecamp/kamal:extended
We could add these binaries, but there's more to it than that. The docker container that runs Kamal doesn't have any password manager configuration in it, so for example with 1Password I need to enter the full signin details every time (1password account, email address, secret key, password).
Then each manager/secret store will have its way to configure itself and its own challenges. As we add more adapters we'll have more to deal with those as well, and we'll bloat the image with more binaries.
Run kamal via a docker image has many drawbacks and I'm not sure we should be recommending it anymore. Though installing it directly is certainly annoying for users who don't want to deal with Ruby. Shame there doesn't seem to be a simple reliable method for generating standalone binaries for Ruby gems.
