This message was deleted.
# general
s
This message was deleted.
a
I relied on this information here to configure the provider: https://www.pulumi.com/registry/packages/docker/installation-configuration/#configuring-the-provider Maybe that’s not enough and I have to provide the credentials directly to pulumi?
So, I got it to work using a
new docker.Provider
and passing
username
and
password
explicitly. However: These are then plaintext in my pulumi state! I don’t think this is an acceptable solution. Is there any way to have the credentials external to the pulumi state?
w
If you use Pulumi’s config secrets management the credentials will not be in clear text. For example, I can set config values as follows:
Copy code
pulumi config set dockerUsername --secret
pulumi config set dockerPassword --secret
And then use those values in my program as such:
Copy code
const config = new Config()

const dockerProvider = new docker.Provider("dockprovider", {
  registryAuth: [{
    address: "<https://index.docker.io/v1>",
    password: config.requireSecret("dockerPassword"),
    username: config.requireSecret("dockerUsername"),

  }]
})
a
Thanks, though I don’t really feel it should be there at all. The ECR token anyway will only be valid for some hours, so would I get a state change on each update? I’d prefer something that externally configures the credentials and pulumi just assumes that it’ll work.