Add support for Docker credential helpers #789
+280
−3
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds the ability to use existing Docker credential helpers (like
docker-credential-ecr-login
,docker-credential-gcr
, etc.) for registry authentication. This enables Keel to leverage the same credential management tools that users already have configured in their Docker environments, instead of re-implementing registry credential helpers in Keel itself.I used the same helper registration method as in the aws and gcr helpers. The only input the new helper needs is the name of an executable that implements the Docker credential protocol (registry name is supplied via stdin, and a command line argument
get
is added when executing the program). The executable name is passed in via theDOCKER_CREDENTIALS_HELPER
environment variable (and can be just the name of the executable without the full path).The main use case for me was adding Azure ACR support without hacks or implementing an ACR-specific extension, and leveraging
https://github.com/chrismellard/docker-credential-acr-env
instead, together with Keel polling the registry.