03/15/2022, 7:59 AM
Hi, I have a problem authenticating to an ECR registry using the Docker Provider
• I have logged in using the docker CLI, which works!
• I have tried running pulumi without DOCKER_HOST and also set it to
Now when I run pulumi up, I get an error:
  docker:index:RegistryImage (hello-world):
    error: 1 error occurred:
        * Error pushing docker image: Error response from daemon: Bad parameters and missing X-Registry-Auth: EOF
What is this related to and how do I fix it?
I relied on this information here to configure the provider: Maybe that’s not enough and I have to provide the credentials directly to pulumi?
So, I got it to work using a new docker.Provider and passing
explicitly. However: These are then plaintext in my pulumi state! I don’t think this is an acceptable solution. Is there any way to have the credentials external to the pulumi state?


03/15/2022, 3:10 PM
If you use Pulumi’s config secrets management the credentials will not be in clear text. For example, I can set config values as follows:
pulumi config set dockerUsername --secret
pulumi config set dockerPassword --secret
And then use those values in my program as such:
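import { Config } from "@pulumi/pulumi";
import * as docker from "@pulumi/docker";

// requireSecret returns secret Outputs, which Pulumi encrypts in the state
const config = new Config();

const dockerProvider = new docker.Provider("dockprovider", {
  registryAuth: [{
    address: "<>",
    password: config.requireSecret("dockerPassword"),
    username: config.requireSecret("dockerUsername"),
  }],
});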



03/15/2022, 3:13 PM
Thanks, though I don’t really feel it should be there at all. The ECR token anyway will only be valid for some hours, so would I get a state change on each update? I’d prefer something that externally configures the credentials and pulumi just assumes that it’ll work.