Docker: Using --password via the CLI is insecure. Use --password-stdin

I have the following warning when I log in to my registry during a continuous integration (CI) process:

WARNING! Using --password via the CLI is insecure. Use --password-stdin.

Should I just replace --password with --password-stdin?


Solution 1:

According to the Docker documentation:

To run the docker login command non-interactively, you can set the --password-stdin flag to provide a password through STDIN. Using STDIN prevents the password from ending up in the shell’s history, or log-files.

The following examples read a password from a file, and pass it to the docker login command using STDIN:

$ cat ~/my_password.txt | docker login --username foo --password-stdin

or

$ docker login --username foo --password-stdin < ~/my_password

The following example reads a password from a variable, and passes it to the docker login command using STDIN:

$ echo "$MY_PASSWORD" | docker login --username foo --password-stdin

Solution 2:

The same echo command on a Windows-based system (or when running in an Azure Pipelines task based on vs2017-win2016) also outputs an additional newline.

A workaround for this is to use set /p; see also question + answer.

The full command will be like:

echo | set /p="my_password" | docker login --username foo --password-stdin

Solution 3:

Windows 10 solution using PowerShell:

Use Notepad to create a one-line text file with your password. The file was named "password1.txt" for the command line below to work.
Save this file in the folder you are using in PowerShell (typically C:\Users\Your_Username).

Get-Content password1.txt | docker login --username my_username --password-stdin

Refer: Redirecting standard input\output in Windows PowerShell

Solution 4:

Setup in GitHub Actions:

echo "${{ secrets.DOCKER_TOKEN }}" | docker login --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin
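
For a CI script, the stdin approach from the answers above can be wrapped in one function that also keeps the secret out of `set -x` job logs and sends no trailing newline. This is an added example, not code from any of the answers; the names `registry_login`, `DOCKER_BIN`, `REGISTRY_PASSWORD` and `REGISTRY_PASSWORD_FILE` are assumptions chosen for illustration.

```shell
# Added example. Hypothetical names: registry_login, DOCKER_BIN,
# REGISTRY_PASSWORD, REGISTRY_PASSWORD_FILE.
DOCKER_BIN="${DOCKER_BIN:-docker}"   # overridable so a stub can stand in for docker

# usage: registry_login USERNAME [REGISTRY]
registry_login() {
    local user="${1:-}"
    local registry="${2:-}"
    local restore_xtrace=""
    local rc=0
    if [ -z "$user" ]; then
        echo "usage: registry_login USERNAME [REGISTRY]" >&2
        return 2
    fi

    # With `set -x`, every expanded command is copied to the job log.
    # Switch tracing off while the secret is handled and restore it afterwards.
    case "$-" in *x*) restore_xtrace=1; set +x ;; esac

    if [ -n "${REGISTRY_PASSWORD_FILE:-}" ]; then
        # Secret in a file: redirect the file to stdin, so the value is
        # never part of any command line.
        if [ -r "$REGISTRY_PASSWORD_FILE" ]; then
            "$DOCKER_BIN" login --username "$user" --password-stdin \
                ${registry:+"$registry"} < "$REGISTRY_PASSWORD_FILE" || rc=$?
        else
            echo "cannot read $REGISTRY_PASSWORD_FILE" >&2
            rc=1
        fi
    elif [ -n "${REGISTRY_PASSWORD:-}" ]; then
        # Secret in a variable: printf is a shell builtin, so the value goes
        # straight into the pipe, and '%s' appends no trailing newline.
        printf '%s' "$REGISTRY_PASSWORD" |
            "$DOCKER_BIN" login --username "$user" --password-stdin \
                ${registry:+"$registry"} || rc=$?
    else
        echo "set REGISTRY_PASSWORD or REGISTRY_PASSWORD_FILE" >&2
        rc=2
    fi

    if [ -n "$restore_xtrace" ]; then set -x; fi
    return "$rc"
}
```

Source the file in the job and call, for example, `registry_login ci-bot registry.example.test` with `REGISTRY_PASSWORD` supplied by the CI system's secret store.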