Any way to authenticate using only docker.json tokens?

[Miles-Garnsey]

There's some docs in this repo relating to authenticating to private registries. They show how to use a username and password to authenticate.

Our registry is a Replicated proxy, and the only credentials available are the docker.json type - e.g.

{"auths":{"proxy.replicated.com":{"auth":"<BAS64_STRING>"},"registry.replicated.com":{"auth":"<BAS64_STRING>"}}}

Is there any way to pass this in to the proxy to allow it to connect? Would the google GAR method be appropriate here since both use tokens?

[Miles-Garnsey]

I've determined that there are two ways to do this.

You could add some stuff to the setup scripts so that an auth token (not a username and password) can be added to the kind node's containerd config.toml files as below (NB this depends on containerd version, but this works for mine).

[plugins.\"io.containerd.grpc.v1.cri\".registry.configs.\"registry.replicated.com\".auth]
  auth = \"$AUTH_TOKEN\"

Alternately, it appears that Replicated specifically allows authentication using your replicated license ID as both username and password.

Would it be worth having a new environment variable that allows auth token (not username/password) based auth for specific registries and configures containerd.toml to use it?