use the distribution protocol to determine account id and region

awslabs / amazon-ecr-credential-helper

Automatically gets credentials for Amazon ECR on docker push/docker pull

Apache License 2.0

2.45k stars 335 forks source link

use the distribution protocol to determine account id and region #836

Closed nicks closed 3 days ago

nicks commented 1 week ago

Issue #, if available: https://github.com/awslabs/amazon-ecr-credential-helper/issues/94

Description of changes: use the distribution protocol to determine account id and region

this allows ecr-login to determine the correct ECR instance, even when ECR is behind a custom domain.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

nicks commented 3 days ago

ah, thinking about this, i'm not sure it's a good idea. works ok if you trust the registry. but if you use this with a malicious registry, this would allow it to steal creds. need to think on this a bit more. :thinking: