A logo showing the text blog.marcnuri.com
Español
Home»Operations»Docker: How to initialize docker-credential-pass

Recent Posts

  • Fabric8 Kubernetes Client 7.2 is now available!
  • Connecting to an MCP Server from JavaScript using AI SDK
  • Connecting to an MCP Server from JavaScript using LangChain.js
  • The Future of Developer Tools: Adapting to Machine-Based Developers
  • Connecting to a Model Context Protocol (MCP) Server from Java using LangChain4j

Categories

  • Artificial Intelligence
  • Front-end
  • Go
  • Industry and business
  • Java
  • JavaScript
  • Legacy
  • Operations
  • Personal
  • Pet projects
  • Tools

Archives

  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • August 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • February 2020
  • January 2020
  • December 2019
  • October 2019
  • September 2019
  • July 2019
  • March 2019
  • November 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • December 2017
  • July 2017
  • January 2017
  • December 2015
  • November 2015
  • December 2014
  • March 2014
  • February 2011
  • November 2008
  • June 2008
  • May 2008
  • April 2008
  • January 2008
  • November 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2007
  • March 2007

Docker: How to initialize docker-credential-pass

2025-01-09 in Operations tagged Docker / Containers / Linux / BASH / Shell by Marc Nuri | Last updated: 2025-01-09
Versión en Español

Introduction

When using Docker with a private registry, you need to authenticate against the registry to pull and push images. This is true also for public registries such as Docker Hub, where you need to authenticate to pull images more than a certain number of times per day.

Docker provides a set of credential helpers to securely manage and store these credentials on your system. Among these, docker-credential-pass stands out for its simplicity and robust security, as it stores credentials in a GPG-encrypted file, leveraging existing tools like pass.

This option is more secure than storing the credentials in plain text in a file which is the default behavior of Docker.

This post will guide you through the process of initializing docker-credential-pass and setting it up to work with Docker.

Prerequisites

Before you start, make sure you have the following installed on your system:

  • Docker
  • pass
  • GnuPG
  • docker-credential-pass

You should be able to find packages for these tools in your system's package manager.

Initializing docker-credential-pass

Generating a GPG key pair

A GPG key pair is used to encrypt and decrypt your credentials securely. It acts as the foundation for the pass store.

The first step to be able to use docker-credential-pass is to have a valid GPG key pair. If you don't already have one, you can create one by running the following command:

bash
gpg --full-generate-key

Follow the prompts to create your key pair. When complete, you should get a key ID, which you will need to use in the next step.

Initializing the pass store

You should now initialize the pass store with the GPG key ID you just created:

bash
pass init <key-id>

Checking docker-credential-pass

You can now check that docker-credential-pass is correctly installed and working by running:

bash
docker-credential-pass list

The command should complete without errors and return an empty list {}.

Configuring Docker to use docker-credential-pass

The final step is to configure Docker to use docker-credential-pass as the credential helper. You need to create or edit a file named config.json in the directory ~/.docker with the following content:

~/.docker/config.json
{
  "credsStore": "pass"
}

You should now be able to log in to your private registry using docker login and pull and push images without having to enter your credentials every time.

Conclusion

With these steps, you've set up docker-credential-pass to manage your Docker credentials securely and conveniently. This setup not only simplifies working with private registries but also ensures that your credentials are stored in a safe and encrypted manner.

Twitter iconFacebook iconLinkedIn iconPinterest iconEmail icon

Post navigation
How to skip tests on specific JDK versions with Maven Compiler PluginFive years at Red Hat
© 2007 - 2025 Marc Nuri