I just went through the instructions for using a private registry: https://mesosphere.github.io/marathon/docs/native-docker-private-registry.html
Could we add a warning to this page that if the instructions are run on a machine with an existing docker install, the resultant tar file will include the user's passwords to other registries such as the Hub? There are two issues that users might not expect:
- executing docker login appends credentials to the file and doesn't replace old ones
- credentials are unencrypted
I think whoever wrote the instructions expected them to be run on one of the mesos nodes, but I think most people would actually execute them locally and upload the file with ansible or an equivalent.