Today you can put your own helpers in ~/.finch/cred-helpers and update your DOCKER_CONFIG config.json and everything will be successfully passed into the lima VM, however the BYO credential helper would not be in your path.
$ cat .finch/config.json
{
"credsStore": "ecr-login-new"
}
$ ls -l .finch/cred-helpers
total 6512
-rwxrwxrwx 1 root root 6668288 Feb 1 13:42 docker-credential-ecr-login
-rwxrwxrwx 1 root root 42 Feb 8 11:24 docker-credential-ecr-login-new
$ finch run 111222333444.dkr.ecr.eu-west-1.amazonaws.com/nginx:latest
WARN[0000] cannot get auth config for authConfigHostname="111222333444.dkr.ecr.eu-west-1.amazonaws.com" (refHostname="111222333444.dkr.ecr.eu-west-1.amazonaws.com") error="error getting credentials - err: exec: \"docker-credential-ecr-login-new\": executable file not found in $PATH, out: ``"
Today we create a symlink explicitly for the ecr-login provider so that's its in your path.
What is the problem you're trying to solve?. Today Finch only "natively" supports the ecr-login credential helper https://github.com/runfinch/finch/pull/462. However there are scenarios where folks may want to use other credential helpers or wrap
ecr-login
.Today you can put your own helpers in
~/.finch/cred-helpers
and update your DOCKER_CONFIGconfig.json
and everything will be successfully passed into the lima VM, however the BYO credential helper would not be in your path.Today we create a symlink explicitly for the
ecr-login
provider so that's its in your path.https://github.com/runfinch/finch/blob/52fb8b2fe5fb4523076a4bfbd2da8861df120adf/pkg/config/nerdctl_config_applier.go#L87-L92
I wonder if we could instead add
"$FINCH_DIR"/cred-helpers/
to the users path. Therefore all credentials providers could be picked up 🤔Describe the feature you'd like Support BYO credential providers / wrapper scripts.
Additional context Add any other context or screenshots about the feature request here.