I’ve implemented a repository that automatically builds and publishes a Docker image using GitHub Workflows. The URL of this repository is:

While it works, I get the following warning:

WARNING! Your password will be stored unencrypted in /home/runner/.docker/config.json.

Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

The command I use to login is:

echo "$MY_PASSWORD" | docker login -u ${{ github.actor }} --password-stdin ghcr.io

What are my options to more securely log in?

I wouldn’t worry about that warning unless you think that someone can access that runner during its temporary existence Let’s say you were running it on a company laptop during a demo and then you gave it to a colleague who could see your password. That would be a problem. Since the same Docker CLI is running on the GitHub runner, you will get this warning.