https://pulumi.com logo
Join Slack
Powered by
Hi, I have a problem authenticating to an ECR regi...
# general
a
Hi, I have a problem authenticating to an ECR registry using the Docker Provider • I have logged in using the docker CLI, which works! • I have tried running pulumi without DOCKER_HOST and also set it to 
unix:///var/run/docker.sock
Now when I run 
pulumi up
, I get an error:
Copy code
Diagnostics:
  docker:index:RegistryImage (hello-world):
    error: 1 error occurred:
        * Error pushing docker image: Error response from daemon: Bad parameters and missing X-Registry-Auth: EOF
What this is related to and how do I fix it?
I relied on this information here to configure the provider: https://www.pulumi.com/registry/packages/docker/installation-configuration/#configuring-the-provider Maybe that’s not enough and I have to provide the credentials directly to pulumi?
So, I got it to work using a 
new docker.Provider
and passing 
username
and 
password
explicitly. However: These are then plaintext in my pulumi state! I don’t think this is an acceptable solution. Is there any way to have the credentials external to the pulumi state?
w
If you use Pulumi’s config secrets management the credentials will not be in clear text. For example, I can set config values as follows:
Copy code
pulumi config set dockerUsername --secret
pulumi config set dockerPassword --secret
And then use those values in my program as such:
Copy code
const config = new Config()

const dockerProvider = new docker.Provider("dockprovider", {
  registryAuth: [{
    address: "<https://index.docker.io/v1>",
    password: config.requireSecret("dockerPassword"),
    username: config.requireSecret("dockerUsername"),

  }]
})
a
Thanks, though I don’t really feel it should be there at all. The ECR token anyway will only be valid for some hours, so would I get a state change on each update? I’d prefer something that externally configures the credentials and pulumi just assumes that it’ll work.
4 Views
Open in Slack
PreviousNext
Powered by