The highest tagged major version is
README
¶
docker-credential-gcr 
Introduction
docker-credential-gcr is Google Container Registry's standalone, gcloud SDK-independent Docker credential helper. It allows for v18.03+ Docker clients to easily make authenticated requests to GCR's repositories (gcr.io, eu.gcr.io, etc.).
Note: docker-credential-gcr is primarily intended for users wishing to authenticate with GCR in the absence of gcloud, though they are not mutually exclusive. For normal development setups, users are encouraged to use gcloud auth configure-docker, instead.
The helper implements the Docker Credential Store API, but enables more advanced authentication schemes for GCR's users. In particular, it respects Application Default Credentials and is capable of generating credentials automatically (without an explicit login operation) when running in App Engine or Compute Engine.
For even more authentication options, see GCR's documentation on advanced authentication methods.
GCR Credentials
By default, the helper searches for GCR credentials in the following order:
- In the helper's private credential store (i.e. those stored via
docker-credential-gcr gcr-login) - In a JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
- In a JSON file in a location known to the helper:
- On Windows, this is
%APPDATA%/gcloud/application_default_credentials.json. - On other systems,
$HOME/.config/gcloud/application_default_credentials.json.
- On Windows, this is
- On Google App Engine, it uses the
appengine.AccessTokenfunction. - On Google Compute Engine, Kubernetes Engine, and App Engine Managed VMs, it fetches the credentials of the service account associated with the VM from the metadata server (if available).
Users may limit, re-order how the helper searches for GCR credentials using docker-credential-gcr config --token-source. Number 1 above is designated by store and 2-5 by env (which cannot be individually restricted or re-ordered). Multiple sources are separated by commas, and the default is "store, env".
While it is recommended to use gcloud auth configure-docker in gcloud-based work flows, you may optionally configure docker-credential-gcr to use gcloud as a token source (see example below).
Examples:
To use only the gcloud SDK's access token:
docker-credential-gcr config --token-source="gcloud"
To search the environment, followed by the private store:
docker-credential-gcr config --token-source="env, store"
To verify that credentials are being returned for a given registry, e.g. for https://gcr.io:
echo "https://gcr.io" | docker-credential-gcr get
Other Credentials
As of the 2.0 release, docker-credential-gcr no longer supports generalized credsStore functionality.
Building from Source
The program in this repository is written with the Go programming language and built with make. These instructions assume that Go 1.11+ and make are installed on a *nix system.
You can download the source code, compile the binary, and put it in your $GOPATH with go get.
go get -u github.com/GoogleCloudPlatform/docker-credential-gcr
If $GOPATH/bin is in your system $PATH, this will also automatically install the compiled binary. You can confirm using which docker-credential-gcr and continue to the section on Configuration and Usage.
Alternatively, you can use make to build the program. The executable will be output to the bin directory inside the repository.
cd $GOPATH/src/github.com/GoogleCloudPlatform/docker-credential-gcr
make
Then, you can put that binary in your $PATH to make it visible to docker. For example, if /usr/bin is present in your system path:
sudo mv ./bin/docker-credential-gcr /usr/bin/docker-credential-gcr
Configuration and Usage
-
Configure the Docker CLI to use
docker-credential-gcras a credential helper for the default set of GCR registries:docker-credential-gcr configure-dockerTo speed up
docker builds, you can instead configure a minimal set of registries:docker-credential-gcr configure-docker --registries="eu.gcr.io, marketplace.gcr.io"- Alternatively, use the manual configuration instructions below to configure your version of the Docker client.
-
Log in to GCR (or don't! See the GCR Credentials section)
docker-credential-gcr gcr-login -
Use Docker!
docker pull gcr.io/project-id/neato-container -
Log out from GCR
docker-credential-gcr gcr-logout
Manual Docker Client Configuration
Add a credHelpers entry in the Docker config file (usually ~/.docker/config.json on OSX and Linux, %USERPROFILE%\.docker\config.json on Windows) for each GCR registry that you care about. The key should be the domain of the registry (without the "https://") and the value should be the suffix of the credential helper binary (everything after "docker-credential-").
e.g. for `docker-credential-gcr`:
{
"auths" : {
...
},
"credHelpers": {
"coolregistry.com": ... ,
"gcr.io": "gcr",
"asia.gcr.io": "gcr",
...
},
"HttpHeaders": ...
"psFormat": ...
"imagesFormat": ...
"detachKeys": ...
}
License
Apache 2.0. See LICENSE for more information.
Documentation
¶
Overview ¶
Program docker-credential-gcr implements the Docker credential helper API and allows for more advanced login/authentication schemes for GCR customers.
See README.md
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package auth implements the logic required to authenticate the user and generate access tokens for use with GCR.
|
Package auth implements the logic required to authenticate the user and generate access tokens for use with GCR. |
|
Package cli contains the implementations of all of the subcommands that are exposed via the command line.
|
Package cli contains the implementations of all of the subcommands that are exposed via the command line. |
|
Package config provides variables used in configuring the behavior of the app.
|
Package config provides variables used in configuring the behavior of the app. |
|
Package credhelper implements a Docker credential helper with special facilities for GCR authentication.
|
Package credhelper implements a Docker credential helper with special facilities for GCR authentication. |
|
mock
|
|
|
mock_cmd
Package mock_cmd is a generated GoMock package.
|
Package mock_cmd is a generated GoMock package. |
|
mock_config
Package mock_config is a generated GoMock package.
|
Package mock_config is a generated GoMock package. |
|
mock_store
Package mock_store is a generated GoMock package.
|
Package mock_store is a generated GoMock package. |
|
Package store implements a credential store that is capable of storing both plain Docker credentials as well as GCR access and refresh tokens.
|
Package store implements a credential store that is capable of storing both plain Docker credentials as well as GCR access and refresh tokens. |
|
Package test contains tests for the credential helper which don't require package-private member visibility.
|
Package test contains tests for the credential helper which don't require package-private member visibility. |
|
Package util contains utilities which are shared between packages.
|
Package util contains utilities which are shared between packages. |
|
cmd
Package cmd contains utilities to execute commands using a test-friendly interface.
|
Package cmd contains utilities to execute commands using a test-friendly interface. |