Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-28702

Clean up registry credentials

XMLWordPrintable

      Currently DockerRegistryToken makes no attempt to log you out when KeyMaterial.close is called. This makes it inappropriate for environments in which access to the registry credentials must be tightly controlled.

      The problem is that ~/.dockercfg must be used to store the login globally for the user (typically, one slave agent), so if there are multiple executors on the slave, one log out while another is still using the login.

      If https://github.com/docker/docker/issues/10318 or similar is implemented, that would be ideal, so that the authentication between executors does not clash.

      Otherwise, it might be possible to use reference-counting. TBD if docker login/logout would preserve other fields, or if a separate file would be needed. There are potential locking issues there.

            jglick Jesse Glick
            jglick Jesse Glick
            Votes:
            4 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: