kamal icon indicating copy to clipboard operation
kamal copied to clipboard

Published 20 hours ago verified publisher icon basecamp

Allow registry username to be a secret

Open kjellberg opened this issue 1 year ago • 2 comments

From DigitalOcean docs:

For CI systems that support configuring registry authentication via username and password, use a DigitalOcean API token as both the username and the password. The API token must have read/write privileges to push to your registry.

The username config option should allow a secret reference, the same way as password does. This doesn't work:

# Credentials for your image host.
registry:
  # Specify the registry server, if you're not using Docker Hub
  server: registry.digitalocean.com
  username: 
    - SECRET_REGISTRY_TOKEN
  password: 
    - SECRET_REGISTRY_TOKEN

kjellberg avatar Mar 05 '23 22:03 kjellberg

That config is working for me:

# Credentials for your image host.
registry:
  # Specify the registry server, if you're not using Docker Hub
  server: registry.digitalocean.com
  username: <%= ENV.fetch("SECRET_REGISTRY_TOKEN") %>
  password: <%= ENV.fetch("SECRET_REGISTRY_TOKEN") %>

kulturbande avatar Mar 07 '23 07:03 kulturbande

That config is working for me:

# Credentials for your image host.
registry:
  # Specify the registry server, if you're not using Docker Hub
  server: registry.digitalocean.com
  username: <%= ENV.fetch("SECRET_REGISTRY_TOKEN") %>
  password: <%= ENV.fetch("SECRET_REGISTRY_TOKEN") %>

Thanks, it works! But I still think it's a good idea to accept the array format for references on both properties.

ERB looks weird and ugly for non-ruby programmers and may actually scare them away :D

kjellberg avatar Mar 07 '23 09:03 kjellberg