I’m trying to set up a CI environment to build and push a Docker image for a project. The Docker registry I’m trying to push to is a private registry that requires me to log in. I can log in to the registry using the `docker login my-registry` command. I cannot change the configuration of the registry.

Currently I’m using a GitLab `shell` runner on my PC that builds the Docker image. The runner should be able to also log in to the registry by using the above-mentioned command. The problem is that it of course needs the credentials. I don’t want to store the credentials in plain text somewhere the `gitlab-runner` user can access them directly because someone with access to the `.gitlab-ci.yaml` could then just do a `cat password.txt` or `docker-credentials-secretservice get` or something similar to retrieve the credentials.

Questions:
- Is there a way to store the credentials in such a manner that only `docker login` can access and decipher them and no other command that could be executed from `.gitlab-ci.yaml`?
- Is there an alternative way to build and push a Docker image to a private registry when I don’t have access to the configuration of the registry?
Answer
On your runner machine, try `su` to `gitlab-runner` and `docker login -u username private.host`. Then the login credential will be stored in `~/.docker/config.json` and it shall be good now for gitlab-runner docker cmds.
Attribution
Source: Link, Question Author: Hendrik Wiese, Answer Author: xgwang
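The answer relies on `~/.docker/config.json`. When no credential helper is configured, `docker login` writes the credential there as base64 of `user:password`, which is an encoding and not encryption. The following added example (not part of the original question or answer) audits such a file and reports how each registry's credential is stored without printing any secret; the registry names and the credential in the sample are constructed.

```python
import base64
import json
import os
import stat
import tempfile


def audit_docker_config(path):
    """Return findings about how registry credentials are stored in a Docker config."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"file mode {mode:04o} lets group/other users access the file")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    store = cfg.get("credsStore")            # default helper for all registries
    helpers = cfg.get("credHelpers", {})     # per-registry helper overrides
    for registry, entry in cfg.get("auths", {}).items():
        if entry.get("auth"):
            # "auth" holds base64("user:password"): encoded, not encrypted.
            findings.append(f"{registry}: inline base64 credential, readable by any job run as this user")
        elif registry in helpers:
            findings.append(f"{registry}: delegated to helper docker-credential-{helpers[registry]}")
        elif store:
            findings.append(f"{registry}: delegated to helper docker-credential-{store}")
    return findings


def demo():
    # Constructed sample config; registry names and credential are made up.
    fake_auth = base64.b64encode(b"ci-user:not-a-real-password").decode()
    sample = {
        "auths": {"my-registry": {"auth": fake_auth}, "other-registry.example": {}},
        "credHelpers": {"other-registry.example": "secretservice"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return audit_docker_config(path)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Run against the real file with `audit_docker_config(os.path.expanduser("~/.docker/config.json"))` as the `gitlab-runner` user to see which case applies on the runner.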