Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parsing config.json for Auth on Mac OS with "credsStore": "osxkeychain" fails #677

Closed
michaeldye opened this issue Oct 9, 2017 · 4 comments
Closed

Parsing config.json for Auth on Mac OS with "credsStore": "osxkeychain" fails #677

michaeldye opened this issue Oct 9, 2017 · 4 comments
Labels
unfortunate

Comments

@michaeldye
Copy link

michaeldye commented Oct 9, 2017
edited
Loading

I have a Docker config file in ~/.docker/config.json with this content:

{ "auths": { "mydomain.org": {} }, "credsStore": "osxkeychain" }

... I get an ErrCannotParseDockercfg returned from https://github.com/fsouza/go-dockerclient/blob/master/auth.go#L138 .
@fsouza
Copy link
Owner

fsouza commented Oct 10, 2017

@michaeldye hey, thanks for reporting this. We can fix the parsing issue, but right now go-dockerclient isn't integrated with osxkeychain and wouldn't be able to retrieve your credentials there.

I think that you could use docker's helpers to load the data from the keychain (https://github.com/docker/docker-credential-helpers/tree/master/osxkeychain), then construct AuthConfiguration from the data you get from the keychain.

Doing that in go-dockerclient would make go-dockerclient require CGO, which isn't really worth it. There could be a package that given a serverURL returns a go-dockerclient's AuthConfiguration, but that couldn't live inside go-dockerclient.

@cdrage cdrage mentioned this issue Jan 24, 2018
Closed
@coodix
Copy link

coodix commented Jan 24, 2018
edited
Loading

@fsouza hey, the workaround by manual adding auth base64 encoded string to config.json could be easy:
{ "auths": { "dockerio.badoo.com": {}, "localhost:5000": { "auth": "...base64encoded credentials..." } }, "credsStore": "osxkeychain" }
But another problem is that if any of auths doesn't have auth string then authConfigs function from auth.go fails with error "ErrCannotParseDockercfg". That makes impossible this workaround.

Do you consider returning error only if there are no one valid auth string in config file?

@fsouza
Copy link
Owner

fsouza commented Jan 26, 2018

Hey @coodix, thanks for the feedback. YEah, that makes sense. I'm gonna modify the code to behave as you suggested. Thank you very much!

@fsouza fsouza closed this as completed in baaca7f Jan 26, 2018
@mavogel mavogel mentioned this issue Feb 21, 2018
Merged
@gabrielgrant gabrielgrant mentioned this issue Dec 17, 2018
Closed
@wuestkamp
Copy link

So I solved this on OSX by disabling the keychain password storage:

  1. rm ~/.docker/config.json
  2. in Docker for Mac preferences, untick "Securely store Docker logins in macOS keychain"
  3. restart Docker for Mac
  4. docker login

Or for glcoud and pushing to gcr:
gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://eu.gcr.io

now your ~/.docker/config.json should contain base64 encoded passwords. Working, not safe though!

If someone gets the keychain storage to work that would be nice...

@michaelruocco michaelruocco mentioned this issue Nov 16, 2019
Closed
@fsouza fsouza mentioned this issue Apr 7, 2020
Closed
@hangyan hangyan mentioned this issue Aug 11, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
unfortunate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@coodix @fsouza @wuestkamp @michaeldye