Share CLI credentials over a unix socket #5948
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #5948 +/- ##
==========================================
- Coverage 59.42% 59.19% -0.24%
==========================================
Files 358 360 +2
Lines 29768 29916 +148
==========================================
+ Hits 17690 17708 +18
- Misses 11113 11240 +127
- Partials 965 968 +3 🚀 New features to boost your workflow:
|
Signed-off-by: Alano Terblanche <18033717+Benehiko@users.noreply.github.com>
d604e96 to
653818b
Compare
4 tasks
D3-LucaPiombino
added a commit
to CodeCoil/container-desktop
that referenced
this pull request
Jun 2, 2025
…uildx: `0.24.0`) (#10) ## Summary of the Pull Request Update docker (and related tooling) to the latest version. ## Detailed Description of the Pull Request / Additional comments The core motivation is to have a version of the docker client that does not attempt to mutate/rewrite the config (docker/cli#5553). This is in preparation of a future enhancement to share the same client configuration of the windows host and to provide a seamless experience. This could include also the auth via credential helpers running on the host (e.g. a basic scenario is to at least use the windows credential manager to avoid storing static credentials in plain in the config file). I did not push anything yet because i am waiting to see if docker/cli#5948 get merged as it would probably provide a better and simpler out of the box experience. Co-authored-by: Luca Piombino <luca.piombino@codecoil.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is a proof of concept to share docker credentials from the CLI.
Related to #5858
What is the benefit of this?
curl http://localhost/credentials --unix-socket ~/.docker/run/docker_cli_credential_server.sock- What I did
Created a command called
authwhich is a manager for the CLI credentials. This allows us to expose the credentials that the CLI have access to (config, credential helper etc.).docker auth credential-serverThis will create a new unix socket inside the default docker config directory
~/.docker/run/docker_cli_credential_server.sock. Using this socket you can retrieve the credentials, save credentials back and delete credentials.The CLI has a built in mechanism that would detect the
docker_cli_credential_server.sockand implements thecredentials.Storeinterface so that any calls to the socket would correctly returntypes.AuthConfigas normal. This means that the socket iteslf becomes a credential store.This also solves situatations where the docker CLI need credentials when run inside of a docker container.
- How I did it
- How to verify it
- Human readable description for the release notes
- A picture of a cute animal (not mandatory but encouraged)