Access Token for Dockerhub

我与影子孤独终老i 提交于 2020-07-06 08:15:24

问题


I created a repository on hub.docker.com and now want to push my image to the Dockerhub using my credentials. I am wondering whether I have to use my username and password or whether I can create some kind of access token to push the docker image.

What I want to do is using the docker-image resource from Concourse to push an image to Dockerhub. Therefore I have to configure credentials like:

type: docker-image
source:
  email: {{docker-hub-email}}
  username: {{docker-hub-username}}
  password: {{docker-hub-password}}
  repository: {{docker-hub-image-dummy-resource}}

and I don't want to use my Dockerhub password for that.


回答1:


In short, you can't. There are some solutions that may appeal to you, but it may ease your mind first to know there's a structural reason for this:

Resources are configured via their source and params, which are defined at the pipeline level (in your yml file). Any authentication information has to be defined there, because there's no way to get information from an earlier step in your build into the get step (it has no inputs).

Since bearer tokens usually time out after "not that long" (i.e. hours or days) which is also true of DockerHub tokens, the concourse instance needs to be able to fetch a new token from the authentication service every time the build runs if necessary. This requires some form of persistent auth to be stored in the concourse server anyway, and currently Dockerhub does not support CI access tokens a la github.

All that is to say, you will need to provide a username and password to Concourse one way or another.

If you're worried about security, there are some steps you can most likely take to reduce risk:

  • you can use --load-vars-from to protect your credentials from being saved in your pipeline, storing them elsewhere (LastPass, local file, etc).
  • you might be able to create a user on Dockerhub that only has access to the particular repo(s) you want to push, a "CI bot user" if you will.



回答2:


Docker Hub supports Access Token
goto Account Settings > Security

its same as Github personal access token (PAT)

You can use this token instead of actual password



来源:https://stackoverflow.com/questions/41834554/access-token-for-dockerhub

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!