How to keep the config.json safe and distribute it

As we all know, the username and password are base64-encoded and stored in config.json.
How can we keep it safe, especially when we need to distribute it?

I know there is one solution, which uses credential-helper, GPG2 and “pass” on Linux. By using the command “pass show docker-credential-helpers/docker-pass-initialized-check” and typing the GPG2 password, the password can be fetched.

However, I want to allow another person to docker pull from the registry, and I do not want to tell him the password. It seems that I have to tell him the password first, according to the solution above, and the encrypted file .password-store/docker-credential-helpers/docker-pass-initialized-check.gpg cannot be used directly.

Did I misunderstand anything :sweat_smile:?

I want to find a way like copying some encrypted file to someone, so that he could then log in and pull. :smiley:

What’s the difference if you hand your customer the password or hand them a file with the hashed password, if both enable access to the registry?

You can place any type of authentication in front of your own registry, if that helps. Simple user/pass for every customer or even advanced things like OAuth.

You can place a proxy like Traefik in front of the registry, use ForwardAuth and connect to user management systems like Authelia, Authentik, Keycloak, or Zitadel.
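
As an added example (not part of any post in this thread, and not Docker's own code): a small audit of a Docker config.json that reports, per registry, whether the credential sits inline in the `auth` field, where base64 decoding alone recovers it, or is delegated to a credential helper through `credsStore`/`credHelpers`. The function name, registry names and credentials are constructed for illustration.

```python
import base64
import json

# Constructed sample config.json; registry names and credentials are made up.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "registry.example.com": {
            "auth": base64.b64encode(b"alice:s3cret:pw").decode()
        },
        # With a credential helper, Docker leaves the entry empty.
        "ghcr.example.org": {},
    },
    "credHelpers": {"ghcr.example.org": "pass"},
})


def audit_docker_config(text):
    """Return one finding per registry listed under "auths" (hypothetical helper)."""
    cfg = json.loads(text)
    default_store = cfg.get("credsStore")      # global helper, if any
    per_registry = cfg.get("credHelpers", {})  # per-registry helpers
    findings = []
    for registry, entry in cfg.get("auths", {}).items():
        finding = {"registry": registry, "user": None,
                   "password_len": 0, "exposed": False}
        if entry.get("auth"):
            # base64 is an encoding, not encryption: whoever holds the
            # file holds the password. Split on the first ":" only,
            # because the password itself may contain colons.
            decoded = base64.b64decode(entry["auth"]).decode()
            user, _, password = decoded.partition(":")
            finding.update(storage="inline", user=user,
                           password_len=len(password), exposed=True)
        else:
            helper = per_registry.get(registry, default_store)
            finding["storage"] = f"helper:{helper}" if helper else "none"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_docker_config(SAMPLE_CONFIG):
        print(f)
```

An entry reported as `inline` means that copying the file to someone is equivalent to giving them the password; a `helper:` entry contains no secret, so the file alone does not grant access on another machine.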