Posting this here because I’m not sure if it’s appropriate for a bug report on GitHub. I’m putting this in the DockerEngine category since I think it’s more relevant to DockerEngine than
Some relevant information: I’m running Docker
18.09.6-ce and docker-compose
1.24.0 on Arch Linux, with the
credential-helper-pass credential helper.
There are really two separate questions here:
docker buildask for authentication even when not required?
After setting up credentials so I could push my first image to Docker Hub,
docker buildnow asks for a password any time I run it. However, the build proceeds normally if I click “cancel” on the password prompt. Clearly authentication is not required here (otherwise I would expect the build to fail after clicking “cancel”), does the Docker CLI always prompt for authentication just in case it ends up needing it later? I can see why this would be desirable (there’s nothing worse than starting what you expect to be a long-running process and coming back later to find out it stopped halfway through because it’s waiting for the user to enter their password), but it’s annoying and possibly detrimental to security - if Docker is always asking for my password even when not required, as someone new to Docker I have no idea when it’s actually talking to Docker Hub and possibly putting information in a publicly accessible location.
docker-compose buildfail when authentication fails?
When I run
docker-compose buildand click “cancel” in the password prompt,
docker-composecraps out and the build fails. This behavior differs from that of
docker build, which succeeds when I close the authentication prompt. I’m not sure whether this behavior is a bug/oversight or a design decision.
I know this is a minor paper-cut, but ideally I’d like a configuration option for Docker that tells it only to prompt for a password if needed (i.e. if it fails to find an image, it authenticates and tries again just in case the image is private). Additionally, I’d like
docker-compose to more gracefully handle a cancelled authentication attempt. I’m willing to put in work to make these things happen, but I want to see what the community thinks first.