Another day, another problem with docker.
I have a Windows server 2019, docker version 18.09.03 and I want to get my images to ECR.
For certain reasons, I can't have the warning docker : WARNING! Your password will be stored unencrypted
My deployment tool considers it as an error and thus, doesn't deploy. I have therefore been looking how to use --password-stdin in the "correct" manner. Which isn't going very well.
Here is the Powershell script I am using right now.
#First step to create the file
aws ecr get-login --no-include-email | Out-File -FilePath FILEPATH
#Second step to filter the file and just get the password.
-split #(Get-Content -Path FILEPATH) |Select-Object -Index 5 | Out-File -FilePath FILEPATH
#Get authorized but stdin warning??
cat FILEPATH | docker login -u AWS --password-stdin https://NUMBER.dkr.ecr.eu-west-1.amazonaws.com
I am passing the password into a file then stdin from it, it works but it returns the warning.
I have tried that comment too (https://github.com/aws/aws-cli/issues/2875#issuecomment-433565983) but it doesn't accept the flags neither. I do
aws ecr get-login --no-include-email --region eu-west-1 --password-stdin and Unknown options: --password-stdin
aws ecr get-login --region us-east-1 --print-password-only
--print-password-only is unknows as well)
I am FULLY starting to get annoyed and frustrated by now. Any help would be appreciated, thanks!
Use --password-stdin by providing the password via stdin like so:
echo <my_password> | docker login -u <username> --password-stdin
Or, if fetching the password from a file, like so:
cat <my_file> | docker login -u <username> --password-stdin
In order to login without any warning one could try --password-stdin but it is important to remember that the password need to be provided by stdin in this case. So --password-stdin <my-pwd> won't work.
One could try
echo <my-pwd> | docker login <registry-name> -u <username> -p <password>
or the following could be done
cat ~/my-pwd.txt | docker login <registry-name> -u <username> -p <password>
Incase more information refer to the question : Docker: Using --password via the CLI is insecure. Use --password-stdin
Could just redirect stderr, special bonus using a gcloud auth token.
docker login https://us.grc.io -u oauth2accesstoken --password-stdin <<< $(gcloud auth print-access-token --quiet) 2>/dev/null
Login Succeeded
Related
I have an image in an Amazon ECR Repository called workshop
I have a Dockerfile to pull that image
CodeBuild should build the new image from Dockerfile
Problem:
pull access denied for xxxxxxxxxxx.dkr.ecr.eu-central-1.amazonaws.com/workshop, repository does not exist or may require 'docker login'
In my buildspec file, I've tried to login with docker, but nothing changes.
phases:
pre_build:
commands:
- echo Logging in to Amazon ECR...
- $(aws ecr get-login --no-include-email --region $AWS_DEFAULT_REGION)
- aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin
xxxxxxxxx.dkr.ecr.eu-central-1.amazonaws.com
- CODEBUILD_RESOLVED_SOURCE_VERSION="${CODEBUILD_RESOLVED_SOURCE_VERSION:-$IMAGE_TAG}"
- IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
Dockerfile looks like this:
FROM xxxxxxxxxxx.dkr.ecr.eu-central-1.amazonaws.com/workshop:latest
CMD ["echo", "Hallo!"]
RUN code-server
What may cause the Problem?
Try to update your aws-cli and use latest version, because get-login is deprecated.
New command is like this:
aws ecr get-login-password \
--region <region> \
| docker login \
--username AWS \
--password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com
References:
get-login-password: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecr/get-login-password.html
get-login: https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html
I am trying to run this command inside a Github Actions step running on a Windows agent:
echo ${ACR_SERVICE_PRINCIPAL_PASSWORD} | docker login -u ${ACR_SERVICE_PRINCIPAL} --password-stdin spetestregistry.azurecr.io
But it returns this error:
Error: Cannot perform an interactive login from a non TTY device
Then I tried this command:
echo ${ACR_SERVICE_PRINCIPAL_PASSWORD} | winpty docker login -u ${ACR_SERVICE_PRINCIPAL} --password-stdin spetestregistry.azurecr.io
Which produced this error:
stdin is not a tty
Does anyone know how I can do this?
Finally figured out that I was using the Github secrets variable incorrectly. This works:
echo ${{ secrets.ACR_SERVICE_PRINCIPAL_PASSWORD }} | docker login --username ${{ secrets.ACR_SERVICE_PRINCIPAL }} --password-stdin spetestregistry.azurecr.io
I tried to connect to my dockerHub via travis ci
echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
but i got this error
Error: Cannot perform an interactive login from a non TTY device
Try this instead:
docker login --username "$USER" --password "$PWD"
I am failing to login to a remote docker registry using a command of the form:
docker login –u my-username –p my-password registry.myclient.com
The error I get is the following:
"docker login" requires at most 1 argument.
See 'docker login --help'.
Usage: docker login [OPTIONS] [SERVER]
How can login to the remote registry?
You don't have tacks in front of your options, it's some other dash like character. Try this instead:
docker login -u my-username -p my-password registry.myclient.com
While it looks similar, -u and -p are not the same as –u and –p.
This one worked for me if ci environment is in play:
echo ${MVN_PASSWORD} | docker login -u ${MVN_USER} --password-stdin ${MVN_URL}
these variables need to be set up via Settings > CI/CD > Variables (gitlabci example)
Here is what worked for me:
I saved the password in a file called my_password.txt.
Then, I ran the following command:
cat ~/my_password.txt | docker login -u AWS --password-stdin https://{YOUR_AWS_ACCOUNT_ID}.dkr.ecr.{YOUR_AWS_REGION}.amazonaws.com
Can I use the 'gcloud docker' client on coreos? I want to do pull a container, but when I do
gcloud docker pull
I get
WARNING: 'docker' was not discovered on the path. Credentials have been stored, but are not guaranteed to work with the 1.11 Docker client ifan external credential store is configured.
Can I install a full-fledged gcloud client? And where is gcloud anyway? I can run it, but which gcloud comes back empty handed.
You have to use this command:
$ docker login -e 1234#5678.com -u _token -p "$(gcloud auth print-access-token)" https://gcr.io
You can also change the https://gcr.io to e.g.: https://us.gcr.io if your image is stored somewhere else.
If this not works, try the JSON Keyfile Method it is more reliable.
docker login -e 1234#5678.com -u _json_key -p "$(cat keyfile.json)" https://gcr.io
It is also documented here:
https://cloud.google.com/container-registry/docs/advanced-authentication