Uploaded image for project: 'Marathon'
  1. Marathon
  2. MARATHON-4677

Private Registry Instructions Risk Uploading Private Passwords

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Low
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: DC/OS 1.11.4
    • Component/s: Docs
    • Labels:
      None

      Description

      Hi,

      I just went through the instructions for using a private registry: https://mesosphere.github.io/marathon/docs/native-docker-private-registry.html

      Could we add a warning to this page that if the instructions are run on a machine with an existing docker install, the resultant tar file will include the user's passwords to other registries such as the Hub? There are two issues that users might not expect:

      • executing docker login appends credentials to the file and doesn't replace old ones
      • credentials are unencrypted

      I think whoever wrote the instructions expected them to be run on one of the mesos nodes, but I think most people would actually execute them locally and upload the file with ansible or an equivalent.

        Attachments

          Activity

            People

            • Assignee:
              nikitamelkozerov Nikita Melkozerov (Inactive)
              Reporter:
              amouat Adrian Mouat (Inactive)
              Team:
              Orchestration Team
              Watchers:
              Jason Gilanfarr (Inactive)
            • Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: