Open johnmcollier opened 4 years ago
@johnmcollier during the tech talk I was thinking if we can use the Java keystore since PFE already has Java 🤔
This looks very promising for securing the registry credentials in the PFE container: https://github.com/docker/docker-credential-helpers
It specifically has support for a `pass` backend for headless Linux: see https://github.com/docker/cli/pull/451
With our planned support for Docker registries in Codewind 0.7.0, the Docker credentials that the user enters for use with Codewind will be stored base64-encoded under `~/.docker` on the PFE container. Anyone who has access to the Codewind container on that machine will be able to see and decode the user's Docker registry credentials.

Docker supports configuring a credential store for managing the Docker registry credentials. We should see if we can make use of a keystore on PFE so that the Docker credentials are stored securely on the container.
ToDo:
- `yum install ...` in the PFE Dockerfile
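A check for the condition this issue describes, as an added example that is not part of the issue or of Codewind's code: it audits the contents of a Docker client `config.json` (the file Docker keeps under `~/.docker`) and reports which registries still carry an inline base64 `auth` value and which are delegated to a credential helper via `credsStore` or `credHelpers`. The function name, the sample registry and the sample credentials are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed sample config.json content; the credentials are not real.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "registry.example.com": {
            "auth": base64.b64encode(b"demo-user:demo-password").decode()
        },
        "index.docker.io/v1/": {},
    },
    "credHelpers": {"index.docker.io/v1/": "pass"},
})


def audit_docker_config(text):
    """Return one finding per registry listed in a Docker config.json."""
    cfg = json.loads(text)
    default_store = cfg.get("credsStore")      # global credential store
    helpers = cfg.get("credHelpers", {})       # per-registry overrides
    findings = []
    for registry, entry in cfg.get("auths", {}).items():
        auth = entry.get("auth")
        if auth:
            # base64 is an encoding, not encryption: the username is
            # recovered here only to show that any reader of the file can.
            try:
                decoded = base64.b64decode(auth, validate=True).decode()
                user = decoded.partition(":")[0]
            except (binascii.Error, UnicodeDecodeError):
                user = None
            findings.append(
                {"registry": registry, "status": "inline-base64", "user": user})
        else:
            # An empty entry means the secret lives in a helper, if one is set.
            helper = helpers.get(registry, default_store)
            status = "helper:" + helper if helper else "no-credentials"
            findings.append(
                {"registry": registry, "status": status, "user": None})
    return findings


if __name__ == "__main__":
    for finding in audit_docker_config(SAMPLE_CONFIG):
        print(finding)
```

Any `inline-base64` finding in the PFE container means that registry's credentials are readable by anyone with access to the container.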