Docker Login with `pass`

Note

One problem with running docker login is that it stores your credentials as plaintext in ~/.docker/config.json.

To prevent this, you can setup a tool called docker-credential-pass to store your credentials in pass instead.

The following steps assume you are starting from a fresh OS install and have nothing already setup. If that's not the case, start where you should.

1. Create a GPG key

gpg --batch --generate-key <<-EOF
    Key-Type: RSA
    Key-Length: 2048
    Subkey-Type: RSA
    Subkey-Length: 2048
    Name-Real: {Name}
    Name-Email: {Email or Identifier}
    Expire-Date: 0
    Passphrase: {secret passphrase} # Remove to be prompted for pass
EOF

2. Initialize `pass` with your GPG key

pass init {gpg id}

3. Install `docker-credential-pass`

This is a bit more involved, so visit Setting up docker-credential-helpers

4. Setup `docker login` to use `pass`

Edit ~/.docker/config.json and point credsStore to "pass".

{
    "credsStore": "pass"
}

docker login {site} # {site} would be something like 'ghcr.io'

You will be prompted for your username and password on your initial login. After that, your credentials will be stored in pass instead of ~/.docker/config.json. Subsequent logins will not prompt you for your credentials; they will be pulled from pass automatically.

Docker Login with pass

How to setup docker login with pass.

1. Create a GPG key

2. Initialize pass with your GPG key

3. Install docker-credential-pass

4. Setup docker login to use pass

5. Login

Docker Login with `pass`

2. Initialize `pass` with your GPG key

3. Install `docker-credential-pass`

4. Setup `docker login` to use `pass`