52

How can I preseed my credentials to the docker login command within a script?

I'm using a bash script that basically automates the whole process of setting up my custom VMs etc, but when I need to login to docker within the script to pull the images, I get the following error:

Username: FATA[0000] inappropriate ioctl for device


The command I was using is the following:

( echo "xxx"; echo "yyy"; echo "zzz" ) | docker login docker.somesite.org


Is this possible to achieve without using and copying over an existing .dockercfg file, and how?
Many thanks.

5 Answers

109

Docker 18 and beyond

There's now an officially-documented way to do this:

cat ~/my_password.txt | docker login --username foo --password-stdin

Docker 1.11 through Docker 17

You can pass all the arguments on the command-line:

docker login --username="$DOCKER_USER" --password="$DOCKER_PASS" $DOCKER_HOST

If you don't specify DOCKER_HOST, you'll get the main Docker repo. If you leave out any of the arguments, you'll be prompted for that argument.

Older than 1.11

The same path as just above, except that you need to also pass an --email flag. The contents of this are not actually checked, so anything is fine:

docker login --username="$DOCKER_USER" --password="$DOCKER_PASS" $DOCKER_HOST --email whale@docker.com
Nathaniel Waisbrot
  • 5
    Short notation might be more convenient: `docker login -u $DOCKER_USER -p $DOCKER_PASS -m $DOCKER_EMAIL $DOCKER_HOST` – antonbormotov Feb 23 '16 at 09:44
  • 5
    It's a matter of preference, but when I'm writing a script I prefer long options because it's self-documenting and there's no advantage to terseness. (As opposed to on the command line where it's saving my fingers and avoiding wrapping.) – Nathaniel Waisbrot Feb 23 '16 at 15:38
  • Passing the password on the command line is insecure, but so far I haven't been able to find an alternative. – Jason Heiss May 09 '16 at 20:36
  • @JasonHeiss you could log in manually, then get the token, then create the `~/.docker/config.json` file yourself. But Docker Hub doesn't really have a system for creating and destroying tokens for programmatic use. – Nathaniel Waisbrot May 10 '16 at 11:09
  • As of Docker 1.11.0, using `--email` is deprecated; and will be removed in 1.14. Above example still valid minus that argument. – meatspace Sep 28 '16 at 19:43
  • You should never use "--password" since that will expose the password to logfiles in case of a DockerHub API error and will also make it visible to other processes. Instead, use "--password-stdin" – Marco de Abreu Nov 26 '18 at 10:14
  • Now that Docker gives a warning about storing the password unencrypted on the machine, is it possible to do an unattended docker login in case of having a credentials store set up for it? Currently it asks for the passphrase of the GPG private key if using `pass` on Linux. Can the passphrase be provided somehow without user intervention? – alvarez Nov 04 '19 at 14:58
  • Instead of a password, generate an access token in https://hub.docker.com/ -> Settings -> Security – vladli Dec 19 '22 at 19:54
18

To run the docker login command non-interactively, you can set the --password-stdin flag to provide a password through STDIN. Using STDIN prevents the password from ending up in the shell’s history, or log-files.

$ echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin $DOCKER_HOST
slm
noelmcloughlin
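An added example, not part of the answers above: a small wrapper around `docker login --password-stdin` that reads the secret from a file, refuses the file if group or others can access it, and keeps the secret out of the process arguments. `DOCKER_BIN`, the function name and the secret-file layout are assumptions of this sketch; the registry host is passed as an argument rather than through `DOCKER_HOST`.

```bash
#!/usr/bin/env bash
# Added example: non-interactive registry login with the secret on stdin only.
# DOCKER_BIN and the secret-file convention are assumptions of this sketch.
DOCKER_BIN="${DOCKER_BIN:-docker}"

# registry_login <secret-file> <username> [registry-host]
# e.g. registry_login /run/secrets/registry_token ci-bot registry.example.test
# (constructed path and names)
registry_login() {
    local secret_file="$1"
    local user="$2"
    local host="${3:-}"
    local go_bits

    if [ ! -r "$secret_file" ]; then
        echo "cannot read $secret_file" >&2
        return 2
    fi

    # Columns 5-10 of the ls mode string are the group/other permission
    # bits; anything other than "------" means another account can reach it.
    go_bits="$(ls -ld "$secret_file" | cut -c5-10)"
    if [ "$go_bits" != "------" ]; then
        echo "refusing $secret_file: group/other bits set ($go_bits)" >&2
        return 3
    fi

    # Build argv without the secret. Everything is quoted so unusual
    # characters in the username or host are passed through intact.
    set -- login --username "$user" --password-stdin
    if [ -n "$host" ]; then
        set -- "$@" "$host"
    fi

    # The secret travels on stdin only, so it is not visible in the
    # process list and is not echoed by `set -x` tracing.
    "$DOCKER_BIN" "$@" < "$secret_file"
}
```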
8

When you log in to your private registry, Docker automatically creates a file, $HOME/.docker/config.json. The file holds the credentials info, so you can save the file and copy it to any host where you want to log in to the registry.

The file content looks like this:

{
    "auths": {
        "example.com": {
            "auth": "xxxxxxxxxxxxxxxxxxxxxxx"
        }
    }
}

Add-on: if you want to log in to multiple Docker registries on one server, just add another auth info, like this:

{
    "auths": {
        "example.com": {
            "auth": "xxxxxxxxxxxxxxxxxxxxxxx"
        },
        "example1.com": {
            "auth": "xxxxxxxxxxxxxxxxxxxxxxx"
        }
    }
}

Now you can push and pull images from the example.com and example1.com.

domino_jiang
  • It still shows Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /home/user/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Are you sure you want to proceed? [y/N] – Vasili Pascal May 08 '18 at 14:30
  • Thanks to Henri Siponen's answer at https://stackoverflow.com/questions/10479078/how-to-answer-to-prompts-automatically-with-python-fabric I was able to fix it by adding: echo "y" | docker login myregistry.com – Vasili Pascal May 08 '18 at 15:33
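An added example, not part of the answer or comments above: preseeding a fresh `config.json` from a provisioning script and auditing it afterwards. The `auth` value is just base64 of `user:secret`, which is why the file is created under `umask 077` and why the audit fails when group or others can access it. Function names, the registry name and the credentials in the usage are constructed for this sketch, which writes a single registry entry and never overwrites an existing file.

```bash
#!/usr/bin/env bash
# Added example: build and audit a Docker client config.json by hand.
# All names here are assumptions; the secret is read from stdin, not argv.

# write_docker_auth <config-dir> <registry> <username>   (secret on stdin)
write_docker_auth() {
    local dir="$1" registry="$2" user="$3"
    local secret="" auth
    local cfg="$dir/config.json"

    # Never clobber an existing config: it may hold other registries' entries.
    if [ -e "$cfg" ]; then
        echo "$cfg already exists, not overwriting" >&2
        return 1
    fi

    # Read one line from stdin; accept input without a trailing newline.
    IFS= read -r secret || true
    [ -n "$secret" ] || { echo "no secret on stdin" >&2; return 2; }

    # "auth" is base64("user:secret"): an encoding, not encryption.
    auth="$(printf '%s:%s' "$user" "$secret" | base64 | tr -d '\n')"

    # Create directory and file under umask 077 (0700/0600) so the
    # credential is never readable by other users, even briefly.
    (
        umask 077
        mkdir -p "$dir" &&
        printf '{\n  "auths": {\n    "%s": {\n      "auth": "%s"\n    }\n  }\n}\n' \
            "$registry" "$auth" > "$cfg"
    )
}

# audit_docker_config <config.json>
# Returns 0 if the file is acceptable, 1 if it holds inline "auth"
# entries while group or others have any access to it.
audit_docker_config() {
    local cfg="$1" go_bits
    grep -q '"auth"[[:space:]]*:' "$cfg" || return 0   # no inline credentials
    go_bits="$(ls -ld "$cfg" | cut -c5-10)"
    [ "$go_bits" = "------" ]
}
```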
2

For any random passer-by who may stumble into this looking for a way to use this against an OpenShift environment's container registry (Docker), you can use the following to provide the registry URI along with the credentials to log into it using an OpenShift token.

$ echo "$(oc whoami -t)" | docker login -u $USER --password-stdin \
    $(oc get route docker-registry -n default --no-headers | awk '{print $2}')
Login Succeeded

The above does 3 things:

  • Passes token retrieved from OpenShift oc whoami -t
  • Determines OpenShift's registry URI

    $(oc get route docker-registry -n default --no-headers | awk '{print $2}')
    
  • Logs into registry using $USER + token from above

slm
0

I was having massive issues with this, just wanted to add that the environment variable DOCKER_HOST has special meaning to docker to define the daemon socket it connects to, causing it to fail login. There's a full list of the environment variables docker uses here: https://docs.docker.com/engine/reference/commandline/cli/

I changed my environment variables to something else, e.g. REG_, and it worked.

docker login --username "$REG_USERNAME" --password "$REG_PASSWORD" $REG_HOST

Note, if you're doing this in a GitLab runner, there's no need to use the --password-stdin flag if you're already using variable masking (you can, there's just no need).

Edward Spencer