I've used docker login
command and passed my credentials and I got warning WARNING: login credentials saved in /Users/{my_username}/.docker/config.json
. I've checked that file and indeed my password is there unencrypted (base64 encoded only).
Why docker saved my password unencrypted? Shouldn't it save it in my key-chain (I am on Mac OS) or instead of saving password just generate some access token or something like that?
By default, Docker stores the login password unencrypted within the /root/. docker/config.
This is now solved, and as you suggest, you can save to the keychain (or use other "helpers"). Full details are in the Docker docs: https://docs.docker.com/engine/reference/commandline/login/#credentials-store
For anyone interested in the history and why this wasn't a trivial fix: https://github.com/docker/docker/issues/10318
You can use Credential Store for this purpose. Here is the offical doc from Docker:
Credential Store
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With