Pipeline - Docker Credentials "WARNING! Your password will be stored unencrypted"

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Pipeline - Docker Credentials "WARNING! Your password will be stored unencrypted"

Carles Capdevila Tejada
I'm surprised that nobody else mentioned this. I've googled it several times and searched through this forum but most of the results were just related to failed login attempts, and none concerning this specific issue.

I'm getting this warning when executing the docker.withRegistry(<registryUrl>, <credentialsId>) step inside a multibranch pipeline build:

[Pipeline] withDockerRegistry
14:54:25 $ docker login -u S_sbs-docker-rw -p ******** https://sbs.t-systems.com:10004
14:54:25 WARNING! Using --password via the CLI is insecure. Use --password-stdin.
14:54:25 WARNING! Your password will be stored unencrypted in /home/jenkins/workspace/S-sbs-pipeline-test_develop-W2CJZYB4W6CKRR35PWVB2ZNFR6QHFKUSFAMWEOU35RI7QRRTABLA@tmp/d15258c7-dec5-4caf-b398-cbff2d77a088/config.json.
14:54:25 Configure a credential helper to remove this warning. See
14:54:25 https://docs.docker.com/engine/reference/commandline/login/#credentials-store
14:54:25 
14:54:25 Login Succeeded

Why are the credentials stored unencrypted? I know that this is standard docker behaviour, but I'd expect that the Docker Pipeline Plugin handled this so that they aren't: for instance, by piping the credentials into --password-stdin as suggested. (although I understand it may be elaborate due to having to determine the OS it's running on)

Or should I go with a docker-specific workaround mentioned in the link, like using a credentials store? Correct me if I'm wrong, but this seems dumb to me as we already use the Jenkins credentials store.

I hope somebody can shed some light over this. 
Thank you for your attention!

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6f64ad50-234c-4532-8656-06ced22c9218%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.