docker-compose - how to provide credentials or API key in order to pull image from private repository?

Question

I have private repo where I am uploading images outside of the docker.

image: example-registry.com:4000/test

I have that defined in my docker-compose file. How I can provide credentials or API key in order to pull from that repository? Is it possible to do it without executing "docker login" command or it is required to always execute those commands prior the docker-compose command? I have API key which I am using for example to do the REST API from PowerShell or any other tool. Can I use that somehow in order to avoid "docker login" command constantly?

Thank you

Answer 1

docker login creates or updates the ~/.docker/config.json file for you. With just the login part, it look likes

{
    "auths": {
        "https://index.docker.io/v1/": {
            "auth": "REDACTED"
        }
    }
}

There can be many things in this file, here is the doc

So to answer your question, you can avoid the login command by distributing this file instead. Something like:

• Create a dedicated token (you shouldn't have multiple usage by token) here https://hub.docker.com/settings/security
• Move your current config elsewhere if it does exist mv ~/.docker/config.json /tmp
• Execute docker login -u YOUR-ACCOUNT, using the token as password
• Copy the generated ~/.docker/config.json that you can then distribute to your server(s). This file is as much a secret as your password , don't make it public!
• Move back your current config mv /tmp/config.json ~/.docker/

Having the file as a secret that you distribute doesn't make much difference than inputing the docker login command though, especially if you've some scripting to do that.