1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Add credential helper documentation

Signed-off-by: Jake Sanders <jsand@google.com>
This commit is contained in:
Jake Sanders 2016-12-02 16:03:16 -08:00
parent 74ecec9199
commit 68211f4cb4
2 changed files with 51 additions and 2 deletions

View file

@ -142,6 +142,20 @@ property is not set, the client falls back to the default table
format. For a list of supported formatting directives, see format. For a list of supported formatting directives, see
[**Formatting** section in the `docker stats` documentation](stats.md) [**Formatting** section in the `docker stats` documentation](stats.md)
The property `credsStore` specifies an external binary to serve as the default
credential store. When this property is set, `docker login` will attempt to
store credentials in the binary specified by `docker-credential-<value>` which
is visible on `$PATH`. If this property is not set, credentials will be stored
in the `auths` property of the config. For more information, see the
[**Credentials store** section in the `docker login` documentation](login.md#credentials-store)
The property `credHelpers` specifies a set of credential helpers to use
preferentially over `credsStore` or `auths` when storing and retrieving
credentials for specific registries. If this property is set, the binary
`docker-credential-<value>` will be used when storing or retrieving credentials
for a specific registry. For more information, see the
[**Credential helpers** section in the `docker login` documentation](login.md#credential-helpers)
Once attached to a container, users detach from it and leave it running using Once attached to a container, users detach from it and leave it running using
the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable
using the `detachKeys` property. Specify a `<sequence>` value for the using the `detachKeys` property. Specify a `<sequence>` value for the
@ -171,7 +185,12 @@ Following is a sample `config.json` file:
"imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}",
"statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}", "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}",
"serviceInspectFormat": "pretty", "serviceInspectFormat": "pretty",
"detachKeys": "ctrl-e,e" "detachKeys": "ctrl-e,e",
"credsStore": "secretservice",
"credHelpers": {
"awesomereg.example.org": "hip-star",
"unicorn.example.com": "vcbait"
}
} }
{% endraw %} {% endraw %}

View file

@ -63,7 +63,9 @@ you can download them from:
### Usage ### Usage
You need to specify the credentials store in `$HOME/.docker/config.json` You need to specify the credentials store in `$HOME/.docker/config.json`
to tell the docker engine to use it: to tell the docker engine to use it. The value of the config property should be
the suffix of the program to use (i.e. everything after `docker-credential-`).
For example, to use `docker-credential-osxkeychain`:
```json ```json
{ {
@ -120,3 +122,31 @@ an example of that payload: `https://index.docker.io/v1`.
The `erase` command can write error messages to `STDOUT` that the docker engine The `erase` command can write error messages to `STDOUT` that the docker engine
will show if there was an issue. will show if there was an issue.
## Credential helpers
Credential helpers are similar to the credential store above, but act as the
designated programs to handle credentials for *specific registries*. The default
credential store (`credsStore` or the config file itself) will not be used for
operations concerning credentials of the specified registries.
### Usage
If you are currently logged in, run `docker logout` to remove
the credentials from the default store.
Credential helpers are specified in a similar way to `credsStore`, but
allow for multiple helpers to be configured at a time. Keys specify the
registry domain, and values specify the suffix of the program to use
(i.e. everything after `docker-credential-`).
For example:
```json
{
"credHelpers": {
"registry.example.com": "registryhelper",
"awesomereg.example.org": "hip-star",
"unicorn.example.io": "vcbait"
}
}
```