docker / docker-credential-helpers

Programs to keep Docker login credentials safe by storing in platform keystores
MIT License

pass: docker login does not work after rotating gpg key #299

Open nicks opened 9 months ago

nicks commented 9 months ago

Repro steps:

aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789.dkr.ecr.us-east-1.amazonaws.com

Expected result: The creds are stored successfully

Actual result: The old credentials can't be decrypted, so the credential helper fails with gpg: decryption failed: No secret key

nicks commented 9 months ago

Note that there are other issues with this error message, e.g., https://github.com/docker/docker-credential-helpers/issues/118, but it wasn't clear to me if they're the same issue.

nicks commented 9 months ago

I actually think this is kind of an interop issue between docker-credential-helpers and DD, where DD is assuming that if the credential has a decryption error, it means the credential store is corrupted somehow, and so prevents the Store().