Docker login auth token

Question

I'm trying to get docker login auth from ~/.docker/config.json file. But I can't see auth token in my config.json file. Here is my docker version.

docker version
Client:
 Version:      17.03.1-ce
 API version:  1.27
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Tue Mar 28 00:40:02 2017
 OS/Arch:      darwin/amd64

Server:
 Version:      17.03.1-ce
 API version:  1.27 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Fri Mar 24 00:00:50 2017
 OS/Arch:      linux/amd64
 Experimental: true

When I run cat ~/.docker/config.json then what I can see is

cat .docker/config.json
{
    "auths": {
        "https://index.docker.io/v1/": {}
    },
    "credsStore": "osxkeychain"
}%

According to Codeship documentation I should have to see

{
    "auths": {
        "https://index.docker.io/v1/": {
            "auth": "auth_key",
            "email": "email"
        }
    }
}

Can I disable storing my authkey in keychain?

I really need to get auth_key, how can I get that?

Thank you

The simplest way to solve that is to install somewhere old version of docker inside of ubuntu and generate token there. Not offering it as answer as it's ugly. But works. — Sergey Moiseev, Apr 25 '17 at 20:53
Check your Keychain Access App for a matching key https://stackoverflow.com/a/59363993/4418836 — Jordan, Dec 16 '19 at 20:40

score 101 · Answer 1 · answered Aug 14 '17 at 09:11

101

Auth is simply a base64 encoded 'username:password' string. You can get it with the following command:

echo -n 'username:password' | base64

answered Aug 14 '17 at 09:11

Roman Timushev

1,121
1
7
6

2

I think it is a easiest way to generate auth token on mac os which by default store docker credentials on mac os keychain... – Przemek Nowak Nov 25 '17 at 13:15
3

Depending on the `base64` implementation you may have to disable line wrapping by using the `-w` flag: `base64 -w 0`. – Romain Mar 30 '23 at 07:11

NicoKowe · Answer 2 · 2021-07-07T14:58:21.280

24

If you are using Kubernetes, and you need it for creating the registry password just run:

kubectl create secret docker-registry --dry-run=true docker-regcred \
--docker-server=https://index.docker.io/v1/ \
--docker-username=xxx \
--docker-password=xxx \
--docker-email=yourmail@yourdomain.com \
--namespace=xxx \
-o yaml > docker-secret.yaml

This will create docker-secret.yaml with your JSON there. if you dont include --dry-run=client and -o yaml > docker-secret.yaml It will create the k8s secret.

edited Jul 07 '21 at 14:58

answered Jun 21 '19 at 08:50

NicoKowe

2,989
2
19
26

7

Note this will expose your password to your shell history and the kubectl session... – flurdy Aug 09 '19 at 14:14
4

`--dry-run=true is deprecated (boolean value) and can be replaced with --dry-run=client.` Works after the change – mjwrazor Jan 07 '21 at 22:48

score 11 · Answer 3 · edited Jan 12 '23 at 14:17

Using credential store is more secure than storing base64 encoded credentials in config.json file. In your case docker is using the native keychain of the Mac OS (i.e. osxkeychain) as the credential store.

Now for the problem of getting credentials from the osxkeychain you can use docker-credential-helpers.

Steps to get the credential (in terminal):

Download the latest release.
Extract and move it to /usr/local/bin or add its path to the $PATH variable. So that you are able to access it globally.
Execute this command in terminal echo "<server-url>" | docker-credential-osxkeychain get. In case you want to find out the server-url use this command docker-credential-osxkeychain list.

Get credential in go code:

package main

import (
    "fmt"

    osx "github.com/docker/docker-credential-helpers/client"
)

func main() {

    p := osx.NewShellProgramFunc("docker-credential-osxkeychain")

    creds, err := osx.Get(p, "server-url")
    if err != nil {
        fmt.Println(err)
    }

    fmt.Printf("Got credentials for user `%s` in `%s` with secret `%s` \n", creds.Username, creds.ServerURL, creds.Secret)
}

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - [From Review](/review/low-quality-posts/21094523) — zgue, Oct 10 '18 at 20:39

score 10 · Answer 4 · answered Dec 17 '19 at 18:09

I had this issue too; I fixed it by deleting the "credsStore" key from that JSON file. The next time I ran docker login, it gave me a warning but saved the auth token into that file.

Here's my docker version:

$ docker version
Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.13.3
 Git commit:        9013bf5
 Built:             Wed Oct 30 21:32:58 2019
 OS/Arch:           darwin/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.4
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       9013bf583a
  Built:            Fri Oct 18 15:55:51 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

score 8 · Answer 5 · answered May 05 '19 at 05:14

8

using macos，you need write a config.json file, template like this:

{
    "auths": {
        "hub.xxx.com": {
            "username": "xxx",
            "password": "xxx",
            "email": "xxx",
            "auth": "base64(username:password)"
        }
    }
}

answered May 05 '19 at 05:14

flynn

315
3
3

The OP knows he needs to write a config file. He is asking how to automatically write to the config file when doing docker login. – Jun 04 '21 at 08:33

score 6 · Answer 6 · answered Feb 24 '21 at 18:26

Based on the answer from Roman, I've created a small "one liner" that can easily be given to users as a copy-paste instruction:

echo -en "------\nPlease enter Docker registry login:\nUsername: "; \
    read regusername; \
    echo -n "Password: "; \
    read -s regpassword; \
    echo""; \
    echo -n "Auth Token: "; \
    echo -n "$regusername:$regpassword" | base64; \
    unset regpassword; \
    unset regusername;

Or the "real" one-liner:

echo -en "------\nPlease enter Docker registry login:\nUsername: "; read regusername; echo -n "Password: "; read -s regpassword; echo""; echo -n "Auth Token: "; echo -n "$regusername:$regpassword" | base64; unset regpassword; unset regusername;

Advantage over the simple base64-command: It doesn't display the password input, so you can't find the clear password in the bash history. It also prints clear instructions to the user.

Tested on:

MacOS in zsh and bash
Ubuntu in bash

score 2 · Answer 7 · edited Jul 02 '22 at 19:24

2

Deleting the config.json file and log-in again fixed the issue for me.

edited Jul 02 '22 at 19:24

sigur

662
6
21

answered Jun 29 '22 at 05:08

Elad Levy

41
9

Docker login auth token

7 Answers7

Linked