docker config auths reverse engineering


This content originally appeared on DEV Community and was authored by Malik Benkirane

.docker/config.json auths secrets

Before we start, back up ~/.docker/config.json and export DOCKER_CONFIG=~/.docker.

We will be using sh.

We should now have an empty $DOCKER_CONFIG/config.json.

If you are on Mac OS X like me, after we issue some docker login command we should be able to spot a credsStore attribute in our docker config.json:

        "credsStore": "desktop"

or even

        "credsStore": "osxkeychain"

Let's make sure we remove that attribute. docker login will now warn us that the authorization values will be stored unencrypted:

WARNING! Your password will be stored unencrypted in ~/.docker/config.json.

For example, if we issue a docker login ... with a service account on Google Cloud:

docker login -u _json_key --password-stdin https://europe-west1-docker.pkg.dev  < ~/.gcp/sa-secret.json

We would also spot an auths attribute with a base64-encoded string value.

{
        "auths": {
                "europe-west1-docker.pkg.dev": {
                        "auth": "BASE64ENCODEDxxxx",
                        //...
                }
        }
}

We can use docker-credential-helpers from the docker credentials release to retrieve that "auth" value.

For example, with the docker-credential-osxkeychain release:

echo europe-west1-docker.pkg.dev | docker-credential-osxkeychain get
{
  "ServerURL": "europe-west1-docker.pkg.dev",
  "Username": "_json_key",
  "Secret": {
    // ...
  }
}

Finally, we find that the base64-encoded value in $DOCKER_CONFIG/config.json is nothing other than:

_json_key:{
   // ... value retrieved from docker-credential-osxkeychain
}

But note that this is not rigorous JSON, where we would have had "_json_key":{}.
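As an added example (not code from the original post), this Python sketch audits a config.json for credentials stored inline in the way described above: it decodes each "auth" value, splits on the first colon only, and reports the username and secret length without ever printing the secret. The function names, the fake key and registry.example.test are constructed for illustration.

```python
import base64
import json

def decode_auth(auth_b64):
    """Split a config.json "auth" value into (username, secret)."""
    # The decoded value is username:secret. Split on the FIRST colon only:
    # a _json_key secret is itself JSON and contains many more colons.
    decoded = base64.b64decode(auth_b64, validate=True).decode("utf-8")
    username, sep, secret = decoded.partition(":")
    if not sep:
        raise ValueError("decoded auth has no username:secret separator")
    return username, secret

def audit_config(config_text):
    """Report registries whose credentials sit in config.json itself."""
    config = json.loads(config_text)
    findings = []
    for registry, entry in config.get("auths", {}).items():
        auth = entry.get("auth")
        if not auth:
            continue  # empty entry: the secret lives in a credential store
        try:
            username, secret = decode_auth(auth)
        except ValueError as exc:  # bad base64 or bad UTF-8 also land here
            findings.append({"registry": registry, "error": str(exc)})
            continue
        try:
            secret_is_json = isinstance(json.loads(secret), dict)
        except ValueError:
            secret_is_json = False
        findings.append({
            "registry": registry,
            "username": username,
            "secret_length": len(secret),  # never report the secret itself
            "secret_is_json": secret_is_json,
        })
    return findings

# Constructed sample: a fake key, encoded the way the post describes.
FAKE_KEY = json.dumps({"type": "service_account", "private_key_id": "constructed"})
SAMPLE = json.dumps({"auths": {
    "europe-west1-docker.pkg.dev": {
        "auth": base64.b64encode(("_json_key:" + FAKE_KEY).encode()).decode()},
    "registry.example.test": {},  # hypothetical registry, no inline secret
}})

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

Any registry this reports holds a credential that anyone able to read the file can recover, which is what the docker login warning above is about.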

I haven't gone further but let's take it further if we find the right time.

Let's hope this gave you some ideas regarding your daily or uncommon routines. Let us know if you found that useful ;-)

See also

Docker credentials store
IAM Predefined roles
Kind Private Registries
StackOverflow "How to get value from docker-credential-osxkeychain"


Malik Benkirane | Sciencx (2024-06-22T06:30:03+00:00) docker config auths reverse engineering. Retrieved from https://www.scien.cx/2024/06/22/docker-config-auths-reverse-engineering/