eclipse-archived / codewind

The official repository of the Eclipse Codewind project
https://codewind.dev
Eclipse Public License 2.0

Investigate keychain/keyring for managing Docker credentials on PFE #1305

Open johnmcollier opened 4 years ago

johnmcollier commented 4 years ago

With our planned support for Docker registries in Codewind 0.7.0, the Docker credentials that the user enters for use with Codewind will be stored base64 encoded under ~/.docker on the PFE container. Anyone who has access to the Codewind container on that machine will be able to see and decode the user's Docker registry credentials.

Docker supports configuring a credential store for managing the Docker registry credentials. We should see if we can make use of a keystore on PFE so that the Docker credentials are stored securely on the container.

ToDo:

maysunfaisal commented 4 years ago

@johnmcollier during the tech talk I was thinking if we can use the Java keystore since PFE already has Java 🤔

rajivnathan commented 4 years ago

This looks very promising for securing the registry credentials in the PFE container: https://github.com/docker/docker-credential-helpers

It specifically has support for a pass backend for headless Linux: see https://github.com/docker/cli/pull/451
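
Added example, not part of the thread or of the Codewind code base: a small audit of a Docker client `config.json` that reports which registries still keep their secret inline (the base64 `auth` field described in the issue) and which are delegated to a credential helper through `credsStore` or `credHelpers`. The function name, registry names and credentials are constructed for illustration.

```python
import base64
import json

# Constructed samples of ~/.docker/config.json (no real credentials).
SAMPLE_INLINE = json.dumps({
    "auths": {
        "registry.example.com": {
            "auth": base64.b64encode(b"alice:not-a-real-password").decode()
        },
        "https://index.docker.io/v1/": {},  # secret held by a helper
    },
    "credHelpers": {"https://index.docker.io/v1/": "pass"},
})
SAMPLE_STORE = json.dumps({
    "auths": {"registry.example.com": {}},
    "credsStore": "pass",
})


def audit_docker_config(text):
    """Return (findings, store): one finding per registry whose secret is in the file."""
    cfg = json.loads(text)
    store = cfg.get("credsStore")            # default helper, e.g. "pass"
    helpers = cfg.get("credHelpers") or {}   # per-registry helper overrides
    findings = []
    for registry, entry in (cfg.get("auths") or {}).items():
        entry = entry or {}
        fields = [k for k in ("auth", "identitytoken") if entry.get(k)]
        if not fields:
            continue  # empty entry: the secret lives in the helper, not here
        user = None
        if entry.get("auth"):
            try:
                # base64 is an encoding, not encryption: any reader of the
                # file recovers "user:password". Only the user is reported.
                raw = base64.b64decode(entry["auth"], validate=True)
                user = raw.decode("utf-8", "replace").partition(":")[0]
            except ValueError:
                pass  # malformed value, still reported as an inline secret
        findings.append({"registry": registry, "fields": fields, "user": user,
                         "helper": helpers.get(registry) or store})
    return findings, store


if __name__ == "__main__":
    for name, sample in (("inline", SAMPLE_INLINE), ("store", SAMPLE_STORE)):
        found, store = audit_docker_config(sample)
        print(name, "credsStore =", store, "inline secrets:", found)
```

A finding whose `helper` is `None` means no credential helper covers that registry, so a later `docker login` would write the secret back into the file.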