Hi, I have a problem authenticating to an ECR regi...
# general
Hi, I have a problem authenticating to an ECR registry using the Docker Provider • I have logged in using the docker CLI, which works! • I have tried running pulumi without DOCKER_HOST and also set it to
Now when I run
pulumi up
, I get an error:
Copy code
  docker:index:RegistryImage (hello-world):
    error: 1 error occurred:
        * Error pushing docker image: Error response from daemon: Bad parameters and missing X-Registry-Auth: EOF
What this is related to and how do I fix it?
I relied on this information here to configure the provider: https://www.pulumi.com/registry/packages/docker/installation-configuration/#configuring-the-provider Maybe that’s not enough and I have to provide the credentials directly to pulumi?
So, I got it to work using a
new docker.Provider
and passing
explicitly. However: These are then plaintext in my pulumi state! I don’t think this is an acceptable solution. Is there any way to have the credentials external to the pulumi state?
If you use Pulumi’s config secrets management the credentials will not be in clear text. For example, I can set config values as follows:
Copy code
pulumi config set dockerUsername --secret
pulumi config set dockerPassword --secret
And then use those values in my program as such:
Copy code
const config = new Config()

const dockerProvider = new docker.Provider("dockprovider", {
  registryAuth: [{
    address: "<https://index.docker.io/v1>",
    password: config.requireSecret("dockerPassword"),
    username: config.requireSecret("dockerUsername"),

Thanks, though I don’t really feel it should be there at all. The ECR token anyway will only be valid for some hours, so would I get a state change on each update? I’d prefer something that externally configures the credentials and pulumi just assumes that it’ll work.