cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon docker

[QUESTION] Save my login password on the remote server?

Open zyxkad opened this issue 3 years ago • 1 comments

Description

Steps to reproduce the issue:

  1. Run docker login
  2. Input your username and password

Describe the results you received:

WARNING! Your password will be stored unencrypted in /home/username/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Describe the results you expected: None

Additional information you deem important (e.g. issue happens only occasionally):

I don't understand why docker saved my password unencrypted on the computer.
It's a really unsafe operation.
How can I disabled it? I wasn't found the operation in https://docs.docker.com/engine/reference/commandline/login/

Output of docker version:

Client: Docker Engine - Community
 Version:           20.10.12
 API version:       1.41
 Go version:        go1.16.12
 Git commit:        e91ed57
 Built:             Mon Dec 13 11:45:48 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.12
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.12
  Git commit:       459d0df
  Built:            Mon Dec 13 11:43:56 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.12
  GitCommit:        7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc:
  Version:          1.0.2
  GitCommit:        v1.0.2-0-g52b36a2
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
  scan: Docker Scan (Docker Inc., v0.12.0)

Server:
 Containers: 20
  Running: 11
  Paused: 0
  Stopped: 9
 Images: 91
 Server Version: 20.10.12
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc version: v1.0.2-0-g52b36a2
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.10.0-14-amd64
 Operating System: Debian GNU/Linux 11 (bullseye)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.52GiB
 Name: nascasrv
 ID: UFWT:E4YA:XVGU:2QIN:POHI:4BUK:D2HE:PV7J:OJ5P:RO3E:XMGY:PHN5
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Username: kupen
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.):

zyxkad avatar May 29 '22 23:05 zyxkad

I think docker should use and keep login token, like this github. Not your password

zyxkad avatar May 29 '22 23:05 zyxkad

As the warning message said, check out:

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

s4ke avatar Sep 01 '22 21:09 s4ke

As mentioned by @s4ke, you can use the credential stores to do this more securely. docker login will also only store only the identity token if the registry supports such auth.

cpuguy83 avatar Sep 12 '22 16:09 cpuguy83