mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Add credential helper documentation
Signed-off-by: Jake Sanders <jsand@google.com>
This commit is contained in:
parent
74ecec9199
commit
68211f4cb4
2 changed files with 51 additions and 2 deletions
|
@ -142,6 +142,20 @@ property is not set, the client falls back to the default table
|
||||||
format. For a list of supported formatting directives, see
|
format. For a list of supported formatting directives, see
|
||||||
[**Formatting** section in the `docker stats` documentation](stats.md)
|
[**Formatting** section in the `docker stats` documentation](stats.md)
|
||||||
|
|
||||||
|
The property `credsStore` specifies an external binary to serve as the default
|
||||||
|
credential store. When this property is set, `docker login` will attempt to
|
||||||
|
store credentials in the binary specified by `docker-credential-<value>` which
|
||||||
|
is visible on `$PATH`. If this property is not set, credentials will be stored
|
||||||
|
in the `auths` property of the config. For more information, see the
|
||||||
|
[**Credentials store** section in the `docker login` documentation](login.md#credentials-store)
|
||||||
|
|
||||||
|
The property `credHelpers` specifies a set of credential helpers to use
|
||||||
|
preferentially over `credsStore` or `auths` when storing and retrieving
|
||||||
|
credentials for specific registries. If this property is set, the binary
|
||||||
|
`docker-credential-<value>` will be used when storing or retrieving credentials
|
||||||
|
for a specific registry. For more information, see the
|
||||||
|
[**Credential helpers** section in the `docker login` documentation](login.md#credential-helpers)
|
||||||
|
|
||||||
Once attached to a container, users detach from it and leave it running using
|
Once attached to a container, users detach from it and leave it running using
|
||||||
the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable
|
the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable
|
||||||
using the `detachKeys` property. Specify a `<sequence>` value for the
|
using the `detachKeys` property. Specify a `<sequence>` value for the
|
||||||
|
@ -171,7 +185,12 @@ Following is a sample `config.json` file:
|
||||||
"imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}",
|
"imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}",
|
||||||
"statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}",
|
"statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}",
|
||||||
"serviceInspectFormat": "pretty",
|
"serviceInspectFormat": "pretty",
|
||||||
"detachKeys": "ctrl-e,e"
|
"detachKeys": "ctrl-e,e",
|
||||||
|
"credsStore": "secretservice",
|
||||||
|
"credHelpers": {
|
||||||
|
"awesomereg.example.org": "hip-star",
|
||||||
|
"unicorn.example.com": "vcbait"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
{% endraw %}
|
{% endraw %}
|
||||||
|
|
||||||
|
|
|
@ -63,7 +63,9 @@ you can download them from:
|
||||||
### Usage
|
### Usage
|
||||||
|
|
||||||
You need to specify the credentials store in `$HOME/.docker/config.json`
|
You need to specify the credentials store in `$HOME/.docker/config.json`
|
||||||
to tell the docker engine to use it:
|
to tell the docker engine to use it. The value of the config property should be
|
||||||
|
the suffix of the program to use (i.e. everything after `docker-credential-`).
|
||||||
|
For example, to use `docker-credential-osxkeychain`:
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
|
@ -120,3 +122,31 @@ an example of that payload: `https://index.docker.io/v1`.
|
||||||
|
|
||||||
The `erase` command can write error messages to `STDOUT` that the docker engine
|
The `erase` command can write error messages to `STDOUT` that the docker engine
|
||||||
will show if there was an issue.
|
will show if there was an issue.
|
||||||
|
|
||||||
|
## Credential helpers
|
||||||
|
|
||||||
|
Credential helpers are similar to the credential store above, but act as the
|
||||||
|
designated programs to handle credentials for *specific registries*. The default
|
||||||
|
credential store (`credsStore` or the config file itself) will not be used for
|
||||||
|
operations concerning credentials of the specified registries.
|
||||||
|
|
||||||
|
### Usage
|
||||||
|
|
||||||
|
If you are currently logged in, run `docker logout` to remove
|
||||||
|
the credentials from the default store.
|
||||||
|
|
||||||
|
Credential helpers are specified in a similar way to `credsStore`, but
|
||||||
|
allow for multiple helpers to be configured at a time. Keys specify the
|
||||||
|
registry domain, and values specify the suffix of the program to use
|
||||||
|
(i.e. everything after `docker-credential-`).
|
||||||
|
For example:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"credHelpers": {
|
||||||
|
"registry.example.com": "registryhelper",
|
||||||
|
"awesomereg.example.org": "hip-star",
|
||||||
|
"unicorn.example.io": "vcbait"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
Loading…
Reference in a new issue