github.com/thajeztah/cli@v0.0.0-20240223162942-dc6bfac81a8b/docs/reference/commandline/login.md

github.com/thajeztah/cli@v0.0.0-20240223162942-dc6bfac81a8b/docs/reference/commandline/login.md (about)

     1  # login
     2  
     3  <!---MARKER_GEN_START-->
     4  Log in to a registry.
     5  If no server is specified, the default is defined by the daemon.
     6  
     7  ### Options
     8  
     9  | Name                                  | Type     | Default | Description                  |
    10  |:--------------------------------------|:---------|:--------|:-----------------------------|
    11  | `-p`, `--password`                    | `string` |         | Password                     |
    12  | [`--password-stdin`](#password-stdin) |          |         | Take the password from stdin |
    13  | `-u`, `--username`                    | `string` |         | Username                     |
    14  
    15  
    16  <!---MARKER_GEN_END-->
    17  
    18  ## Description
    19  
    20  Log in to a registry.
    21  
    22  ## Examples
    23  
    24  ### Login to a self-hosted registry
    25  
    26  If you want to log in to a self-hosted registry you can specify this by
    27  adding the server name.
    28  
    29  ```console
    30  $ docker login localhost:8080
    31  ```
    32  
    33  ### <a name="password-stdin"></a> Provide a password using STDIN (--password-stdin)
    34  
    35  To run the `docker login` command non-interactively, you can set the
    36  `--password-stdin` flag to provide a password through `STDIN`. Using
    37  `STDIN` prevents the password from ending up in the shell's history,
    38  or log-files.
    39  
    40  The following example reads a password from a file, and passes it to the
    41  `docker login` command using `STDIN`:
    42  
    43  ```console
    44  $ cat ~/my_password.txt | docker login --username foo --password-stdin
    45  ```
    46  
    47  ### Privileged user requirement
    48  
    49  `docker login` requires you to use `sudo` or be `root`, except when:
    50  
    51  - Connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`.
    52  - The user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/engine/security/#docker-daemon-attack-surface) for details.
    53  
    54  You can log in to any public or private repository for which you have
    55  credentials.  When you log in, the command stores credentials in
    56  `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on
    57  Windows, via the procedure described below.
    58  
    59  ### Credential stores
    60  
    61  The Docker Engine can keep user credentials in an external credential store,
    62  such as the native keychain of the operating system. Using an external store
    63  is more secure than storing credentials in the Docker configuration file.
    64  
    65  To use a credential store, you need an external helper program to interact
    66  with a specific keychain or external store. Docker requires the helper
    67  program to be in the client's host `$PATH`.
    68  
    69  You can download the helpers from the `docker-credential-helpers`
    70  [releases page](https://github.com/docker/docker-credential-helpers/releases).
    71  Helpers are available for the following credential stores:
    72  
    73  - D-Bus Secret Service
    74  - Apple macOS keychain
    75  - Microsoft Windows Credential Manager
    76  - [pass](https://www.passwordstore.org/)
    77  
    78  #### Configure the credential store
    79  
    80  You need to specify the credential store in `$HOME/.docker/config.json`
    81  to tell the Docker Engine to use it. The value of the config property should be
    82  the suffix of the program to use (i.e. everything after `docker-credential-`).
    83  For example, to use `docker-credential-osxkeychain`:
    84  
    85  ```json
    86  {
    87    "credsStore": "osxkeychain"
    88  }
    89  ```
    90  
    91  If you are currently logged in, run `docker logout` to remove
    92  the credentials from the file and run `docker login` again.
    93  
    94  #### Default behavior
    95  
    96  By default, Docker looks for the native binary on each of the platforms, i.e.
    97  "osxkeychain" on macOS, "wincred" on windows, and "pass" on Linux. A special
    98  case is that on Linux, Docker will fall back to the "secretservice" binary if
    99  it cannot find the "pass" binary. If none of these binaries are present, it
   100  stores the credentials (i.e. password) in base64 encoding in the config files
   101  described above.
   102  
   103  #### Credential helper protocol
   104  
   105  Credential helpers can be any program or script that follows a very simple protocol.
   106  This protocol is heavily inspired by Git, but it differs in the information shared.
   107  
   108  The helpers always use the first argument in the command to identify the action.
   109  There are only three possible values for that argument: `store`, `get`, and `erase`.
   110  
   111  The `store` command takes a JSON payload from the standard input. That payload carries
   112  the server address, to identify the credential, the user name, and either a password
   113  or an identity token.
   114  
   115  ```json
   116  {
   117    "ServerURL": "https://index.docker.io/v1",
   118    "Username": "david",
   119    "Secret": "passw0rd1"
   120  }
   121  ```
   122  
   123  If the secret being stored is an identity token, the Username should be set to
   124  `<token>`.
   125  
   126  The `store` command can write error messages to `STDOUT` that the Docker Engine
   127  will show if there was an issue.
   128  
   129  The `get` command takes a string payload from the standard input. That payload carries
   130  the server address that the Docker Engine needs credentials for. This is
   131  an example of that payload: `https://index.docker.io/v1`.
   132  
   133  The `get` command writes a JSON payload to `STDOUT`. Docker reads the user name
   134  and password from this payload:
   135  
   136  ```json
   137  {
   138    "Username": "david",
   139    "Secret": "passw0rd1"
   140  }
   141  ```
   142  
   143  The `erase` command takes a string payload from `STDIN`. That payload carries
   144  the server address that the Docker Engine wants to remove credentials for. This is
   145  an example of that payload: `https://index.docker.io/v1`.
   146  
   147  The `erase` command can write error messages to `STDOUT` that the Docker Engine
   148  will show if there was an issue.
   149  
   150  ### Credential helpers
   151  
   152  Credential helpers are similar to the credential store above, but act as the
   153  designated programs to handle credentials for specific registries. The default
   154  credential store (`credsStore` or the config file itself) will not be used for
   155  operations concerning credentials of the specified registries.
   156  
   157  #### Configure credential helpers
   158  
   159  If you are currently logged in, run `docker logout` to remove
   160  the credentials from the default store.
   161  
   162  Credential helpers are specified in a similar way to `credsStore`, but
   163  allow for multiple helpers to be configured at a time. Keys specify the
   164  registry domain, and values specify the suffix of the program to use
   165  (i.e. everything after `docker-credential-`).
   166  For example:
   167  
   168  ```json
   169  {
   170    "credHelpers": {
   171      "registry.example.com": "registryhelper",
   172      "awesomereg.example.org": "hip-star",
   173      "unicorn.example.io": "vcbait"
   174    }
   175  }
   176  ```
   177  
   178  ## Related commands
   179  
   180  * [logout](logout.md)