Docker: How to initialize docker-credential-pass
Introduction
When using Docker with a private registry, you need to authenticate against the registry to pull and push images. This is also true for public registries such as Docker Hub, where you need to authenticate to pull images more than a certain number of times per day.
Docker provides a set of credential helpers to securely manage and store these credentials on your system.
Among these, docker-credential-pass stands out for its simplicity and robust security, as it stores credentials in a GPG-encrypted file, leveraging existing tools like pass.
This option is more secure than storing the credentials in plain text in a file, which is the default behavior of Docker.
This post will guide you through the process of initializing docker-credential-pass and setting it up to work with Docker.
Prerequisites
Before you start, make sure you have the following installed on your system:
You should be able to find packages for these tools in your system's package manager.
Initializing docker-credential-pass
Generating a GPG key pair
A GPG key pair is used to encrypt and decrypt your credentials securely. It acts as the foundation for the pass store.
The first step to be able to use docker-credential-pass is to have a valid GPG key pair.
If you don't already have one, you can create one by running the following command:
gpg --full-generate-key
Follow the prompts to create your key pair. When complete, you should get a key ID, which you will need to use in the next step.
Initializing the pass store
You should now initialize the pass store with the GPG key ID you just created:
pass init <key-id>
Checking docker-credential-pass
You can now check that docker-credential-pass is correctly installed and working by running:
docker-credential-pass list
The command should complete without errors and return an empty list {}.
Configuring Docker to use docker-credential-pass
The final step is to configure Docker to use docker-credential-pass as the credential helper.
You need to create or edit a file named config.json in the directory ~/.docker with the following content:
{
"credsStore": "pass"
}
You should now be able to log in to your private registry using docker login and pull and push images without having to enter your credentials every time.
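An added example, not from the original post: a Python helper that merges the credsStore setting into an existing ~/.docker/config.json instead of overwriting it, and lists registries whose credentials are still stored inline in the file from logins made before the helper was configured. The function name enable_pass_helper is an assumption of this example; the "auths"/"auth" layout it inspects is the one Docker writes when no credential store is set.

```python
import json
import os
import sys
import tempfile
from pathlib import Path


def enable_pass_helper(config_path):
    """Set "credsStore": "pass" in a Docker config.json, keeping other keys.

    Returns the registries that still carry an inline "auth" value, i.e.
    credentials written to the file before the helper was configured.
    """
    path = Path(config_path).expanduser()
    config = {}
    if path.exists():
        text = path.read_text(encoding="utf-8")
        config = json.loads(text) if text.strip() else {}
        if not isinstance(config, dict):
            raise ValueError(f"{path}: top level must be a JSON object")

    config["credsStore"] = "pass"

    auths = config.get("auths")
    leftover = sorted(
        registry
        for registry, entry in (auths if isinstance(auths, dict) else {}).items()
        if isinstance(entry, dict) and entry.get("auth")
    )

    # Write atomically with owner-only permissions: the file may hold secrets.
    path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".config.json.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            json.dump(config, handle, indent=2)
            handle.write("\n")
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return leftover


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "~/.docker/config.json"
    for registry in enable_pass_helper(target):
        print(f"inline credential still stored for {registry}")
```

For any registry it reports, running docker logout followed by docker login for that registry replaces the inline entry with one held in the pass store.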
Conclusion
With these steps, you've set up docker-credential-pass to manage your Docker credentials securely and conveniently. This setup not only simplifies working with private registries but also ensures that your credentials are stored in a safe and encrypted manner.