I’m using the docker snap. Thanks for that opportunity.
Furthermore, I’m trying to take advantage of the secretservice credentials helper binary (ref. Docker Docs - docker login credentials store).
I’ve got stuck with the message:
Error saving credentials: error storing credentials - err: exec: "docker-credential-secretservice": executable file not found in $PATH, out: ``
It appears when I run the command:
docker login
Where does the snap docker engine expect me to store docker-credential-secretservice tool?
The issue is that AFAICT none of these credential helpers are shipped with the docker snap and The $PATH for the dockerd snap points to the snap environment, which doesn’t contain any of these helpers.
FWIW, I think probably the easiest way to handle this is to either:
bundle all of the currently supported credentials helpers inside the docker snap
expose a content interface slot from the docker snap, and then create snaps for each of these credentials helpers so that a user can install their chosen credential helper and connect the interface (or perhaps that content interface could be auto-connected) and the content interface directory is added to $PATH so that dockerd can pick it up from the config.json
I think the content interface slot is probably the best solution here because the credential helpers should really be external to the snap (for example, using pass on the host for storing the credentials encrypted in $HOME), but I have to admit that I don’t know what would be involved in creating such an interface.
Note that since this would be using the content interface, the docker snap would only auto-connect to these credential snaps that are published by the same publisher (i.e. Canonical currently), but if auto-connection to another snap is desired, that can be requested through the #store-requests category on this forum.
I’m curious about what came of this discussion. Was this interface ever created?
In the doctl snap, we have a command that can be used to log in Docker to the DigitalOcean container registry. We have a personal-files plug that grants access to ~/.docker/config.json. This works as expected when the credentials are stored in the file, but fails when a credential helper is configured. Would love to allow our users to connect to docker-credentials-secretservice