Skip to content

docs: Explain how to provide ECR credentials in environment variables #126

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

docs: Explain how to provide ECR credentials in environment variables #126

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 27 additions & 1 deletion Sources/swift-container-plugin/Documentation.docc/authentication.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ The following examples show how to set up the plugin for some popular registry p
### Docker Hub

> Don't use your Docker Hub account password to push and pull images.
> Create a Personal Access Token, which has restricted privileges, for each integration you use.
> Create a Personal Access Token, which has restricted privileges, for each integration you use.
> By using separate tokens, you can monitor them independently and revoke one at any time.
To create a `.netrc` entry for Docker Hub:

Expand Down Expand Up @@ -69,6 +69,32 @@ machine ghcr.io
>
> To generate an ECR authentication token, you must [first install the AWS CLI tools.](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)

#### Using environment variables

Environment variables are a convenient way to store short-lived credentials.

1. **Remove any existing ECR credentials from your `.netrc` file.** If any entries in `.netrc` match your ECR registry hostname, these will be used in preference to the credentials in environment variables.

2. Set the ECR username.

**The login name must be `AWS`**.

```
export CONTAINERTOOL_DEFAULT_USERNAME=AWS
```

3. Use the `aws` CLI tool to [generate an authentication token](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html#registry-auth-token).
You'll need to know the name of the [AWS region](https://docs.aws.amazon.com/global-infrastructure/latest/regions/aws-regions.html) in which your registry is hosted.
Registries in different AWS regions are separate and require different authentication tokens.

For example, the following command generates a token for ECR in the `us-west-2` region:

```
export CONTAINERTOOL_DEFAULT_PASSWORD=$(aws ecr get-login-password --region us-west-2)
```

#### Using the netrc file

To create a `.netrc` entry for Amazon Elastic Container Registry:

1. Use the `aws` CLI tool to [generate an authentication token](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html#registry-auth-token).
Expand Down