
pass: docker login does not work after rotating gpg key

Open nicks opened this issue 2 years ago • 2 comments

Repro steps:

  • Store a login cred:
    aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com
  • Rotate your gpg key
  • Re-store the login cred with the same command as step 1

Expected result: The creds are stored successfully

Actual result: The old credentials can't be decrypted, so the credential helper fails with gpg: decryption failed: No secret key

nicks, Oct 16 '23 13:10

Note that there are other issues with this error message - e.g., https://github.com/docker/docker-credential-helpers/issues/118 - but it wasn't clear to me if they're the same issue.

nicks, Oct 16 '23 13:10

I actually think this is kind of an interop issue between docker-credential-helpers and DD, where DD is assuming that if the credential has a decryption error, it means the credential store is corrupted somehow, and so prevents the Store().

nicks, Oct 16 '23 14:10
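Added example, not part of the issue thread or of the docker-credential-helpers code: a diagnostic that reads the OpenPGP public-key-encrypted session key (PKESK) packets at the start of a `.gpg` entry, as `pass` stores them, and flags entries whose recipient key ID is not among the secret keys still available, which is the condition behind `gpg: decryption failed: No secret key`. The key IDs, entry names and message bytes are constructed; in practice the secret (sub)key IDs would come from `gpg --list-secret-keys --keyid-format long`.

```python
def pkesk_key_ids(data: bytes) -> list[str]:
    """Key IDs named by the PKESK (tag 1) packets that lead a binary OpenPGP message."""
    ids, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                break                        # partial length: data packet, stop
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                break                        # indeterminate length: data packet
            n = 1 << ltype
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if tag != 1:
            break                            # PKESK packets precede the ciphertext
        body = data[pos:pos + length]
        if len(body) >= 9 and body[0] == 3:  # v3 PKESK: version, 8-byte key ID, ...
            ids.append(body[1:9].hex().upper())
        pos += length
    return ids

def stale_entries(entries: dict[str, bytes], secret_key_ids: set[str]) -> list[str]:
    """Entries that none of the available secret (sub)keys can decrypt."""
    return sorted(name for name, blob in entries.items()
                  if not secret_key_ids & set(pkesk_key_ids(blob)))

def sample_message(key_id_hex: str) -> bytes:
    """Constructed message: one old-format PKESK packet plus a stub tag-18 data packet."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xff"
    return bytes([0x84, len(body)]) + body + bytes([0xD2, 2, 1, 0])

# Constructed key IDs: the PKESK names the encryption subkey, not the primary key.
OLD_KEY, NEW_KEY = "AAAA1111BBBB2222", "CCCC3333DDDD4444"
ENTRIES = {"registry-a.gpg": sample_message(OLD_KEY),   # written before rotation
           "registry-b.gpg": sample_message(NEW_KEY)}   # written after rotation

if __name__ == "__main__":
    print("undecryptable after rotation:", stale_entries(ENTRIES, {NEW_KEY}))
```

Entries written with hidden recipients carry an all-zero key ID and would be reported as stale by this check even when a local key can decrypt them.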