2

Another day, another problem with docker. I have a Windows server 2019, docker version 18.09.03 and I want to get my images to ECR.

For certain reasons, I can't have the warning docker : WARNING! Your password will be stored unencrypted My deployment tool considers it as an error and thus, doesn't deploy. I have therefore been looking how to use --password-stdin in the "correct" manner. Which isn't going very well.

Here is the Powershell script I am using right now. 

#First step to create the file
aws ecr get-login --no-include-email | Out-File -FilePath FILEPATH 
#Second step to filter the file and just get the password.
-split @(Get-Content -Path FILEPATH) |Select-Object -Index 5 | Out-File -FilePath FILEPATH

#Get authorized but stdin warning?? 
cat FILEPATH | docker login -u AWS --password-stdin https://NUMBER.dkr.ecr.eu-west-1.amazonaws.com

I am passing the password into a file then stdin from it, it works but it returns the warning.

I have tried that comment too (https://github.com/aws/aws-cli/issues/2875#issuecomment-433565983) but it doesn't accept the flags neither. I do 

aws ecr get-login --no-include-email --region eu-west-1 --password-stdin and Unknown options: --password-stdin
aws ecr get-login --region us-east-1 --print-password-only
--print-password-only is unknows as well)

I am FULLY starting to get annoyed and frustrated by now. Any help would be appreciated, thanks!

shrimpy
  • 653
  • 3
  • 11
  • 27
  • Are you sure your exit code is non zero? I am using `docker login -u ... -p ...` and getting the warning, but the exit code is 0 and the scripts continue normally. – DannyB Apr 02 '19 at 11:54
  • Technically, the exit code is 0 yes :). However, the CI Tool for whatever reason picks up the warning as a 1 and returns an error... – shrimpy Apr 02 '19 at 12:05
  • Well then, that's a CI tool problem.... In any case, if you just want to progress beyond that point and fix it later, you can ignore its output for now (`> /dev/null 2&>1`) and solve it later. And if you are at the "later" stage, and want to fix now and use STDIN password, I suggest you follow what the warning tells you and implement [credentials helper](https://docs.docker.com/engine/reference/commandline/login/#credential-helpers) - I am personally not using it, I see no need and in any case - don't be discouraged, docker is super helpful once you iron out these issues. – DannyB Apr 02 '19 at 12:15
  • I have done a previous Ps script to force the exit code to be 1, but as you said, it is a CI tool problem mostly... I will try the Credentials Store, however, first time using it so I need to wrap my mind around it. thanks for the help tho! – shrimpy Apr 02 '19 at 12:28

3 Answers3

2

Use --password-stdin by providing the password via stdin like so:

echo <my_password> | docker login -u <username> --password-stdin

Or, if fetching the password from a file, like so:

cat <my_file> | docker login -u <username> --password-stdin
Sebastian
  • 76
  • 9
  • This answer appears to be identical to the previous answer. – ouflak Feb 15 '22 at 17:48
  • No, note that the previous answer is buggy: the -p parameter does not take std input and the parameter is piped to docker login (the previous answer describes that there needs to be a attached, which is wrong) – Sebastian Feb 16 '22 at 18:17
0

In order to login without any warning one could try --password-stdin but it is important to remember that the password need to be provided by stdin in this case. So --password-stdin <my-pwd> won't work. One could try 

echo <my-pwd> | docker login <registry-name> -u <username> -p <password>

or the following could be done

cat ~/my-pwd.txt | docker login <registry-name> -u <username> -p <password>

Incase more information refer to the question : Docker: Using --password via the CLI is insecure. Use --password-stdin

Shubhanshu Rastogi
  • 2,133
  • 1
  • 20
  • 30
0

Could just redirect stderr, special bonus using a gcloud auth token.

docker login https://us.grc.io -u oauth2accesstoken --password-stdin <<< $(gcloud auth print-access-token --quiet) 2>/dev/null

Login Succeeded

0bel1sk
  • 505
  • 5
  • 4