docker login best practice

[pascalandy]

To script your log in. Especially useful when using a CI.
Example: https://github.com/firepress-org/ghostfire/blob/master/.travis.yml#L81

[pascalandy]

@Kexkey it should be good this time!

[Kexkey]

Hi @pascalandy ! Thanks for the suggestion.

So I checked the link you provided and been thinking about all that. First, the line you modified is simply a comment. A reminder to the operator (who is me in the case of the user cyphernode) to log into the docker hub to be able to push the images to the cyphernode repo.

If I use docker login -u cyphernode or simply docker login, docker interactively asks me for the credentials; so they are not part of the shell history. Neither do they need to be stored.

If I want to script it, by replacing this way of authenticating my user by the echo of the password from a shell variable, the password must be stored in clear somewhere to assign it to the variable. Isn't it more prone to password-leak? Of course, assigning the password to the variable command-line will put the info in the shell history. But I understand that if Travis (or any other tool) needs the password, of course I have to share it with "something" and using a pre-assigned variable may be the way to go.

Let me know if I am missing something.

Thanks again and don't hesitate to have a look at our docker stuff! We need this kind of inputs.

[pascalandy]

You are all correct. I only submitted this PR as you shared during a meetup that you want to script the way we release and test this stack.

I shared an example of how I use it via a DM on Twitter.

If I want to script it, by replacing this way of authenticating my user by the echo of the password from a shell variable

[Kexkey]

Right, indeed it’s something docker devs should be aware of. I completely missed your DMs, I just read them, very interesting! Thanks for sharing the best practices and hope to see you again at the next meetup!

[schulterklopfer]

NICE!