as we all know, the username and password are encoded by base64 and stored in config.json.
How to keep it safe especially when we need to distribute it.

I know there is one solution that is by credential-helper, GPG2 and “pass” in Linux. using the command “pass show docker-credential-helpers/docker-pass-initialized-check” and type the password of GPG2, the password can be fetched.

However, I want to grant another people to docker pull from the registry, and do not want to tell him the password. It seems that I have to tell him the password first, according to the solution above, and the encrypted file .password-store/docker-credential-helpers/docker-pass-initialized-check.gpg cannot be used directly.

Did I missunderstand anything ?

I want to find a way just like copy some encrypt file to someone, then he could login and pull.

What’s the difference if you hand your customer the password or hand them a file with the hashed password, if both enable access to the registry?

You can place any type of authentication in front of your own registry, if that helps. Simple user/pass for every customer or even advanced things like OAuth.

You can place a proxy like Traefik in front of the registry, use ForwardAuth and connect to user management systems like Authelia, Authentik, Keycloak, or Zitadel.