Skip to content

zntrio/vault-secret-engine-docker-registry

Repository files navigation

Docker Registry - Vault Secret Engine

NOT PRODUCTION READY

Setup

Compile and test env bootstrap

make

Usage

Enable secret engine

vault secrets enable docker-registry

Setup engine authentication

vault write docker-registry/config endpoint_url=<https://auth.docker.io> username=.... password=....

Create a role

vault write docker-registry/roles/admin name=admin service=registry.docker.io scope=repository:samalba/my-app:pull,push

Request for token

$ vault read docker-registry/creds/admin
Key             Value
---             -----
access_token    eyJhbG... omitted ...
registry_url    https://auth.docker.io
scope           repository:samalba/my-app:pull,push
service         registry.docker.io
token           eyJhbG... omitted ...

Update Docker config

export REGISTRY_TOKEN=$(vault read -field token docker-registry/creds/admin)
echo '{"auths":{"registry-1.docker.io":{"registrytoken": "$REGISTRY_TOKEN"}}}' | jq -s ".[0] * .[1]" ~/.docker/config.json - > ~/.docker/config.json

Releases

No releases published

Packages

No packages published