Understand why `docker login` may need the package `pass`

[yaobinwen]

Description

When I tried to run docker login remotely via SSH, I encountered the following error:

** Message: 22:08:41.658: Remote error from secret service: org.freedesktop.Secret.Error.IsLocked: Cannot create an item in a locked collection Error saving credentials: error storing credentials - err: exit status 1, out: Cannot create an item in a locked collection

This post provides the answer:

sudo apt install gnupg2 pass

Good job! BUT! Why?!

This comment asks the same question, but all the other comments (as of 2022-03-17) simply confirmed the solution works (or not) on the particular platforms and NOBODY seemed to care about why.

Related

These links may help:

• [Docker login Fails with error message “Error saving credentials: Cannot autolaunch D-Bus without X11 $DISPLAY”](https://forums.docker.com/t/docker-login-fails-with-error-message-error-saving-credentials-cannot-autolaunch-d-bus-without-x11-display/77789)
• docker login 登录_Docker Login登录凭证安全存储
• This SO answer

[yaobinwen]

Update (2022-03-17)

After using pass, the following file was created:

ywen@cluster-worker-tao:~/.docker$ cat config.json 
{
    "auths": {
        "remote.server.io:443": {
            "auth": "aGVsbG86d29ybGQK"
        }
    },
    "HttpHeaders": {
        "User-Agent": "Docker-Client/19.03.8 (linux)"
    }
}

But the auth field is merely a base64 encoded string:

ywen@cluster-worker-tao:~/.docker$ echo "aGVsbG86d29ybGQK" | base64 --decode
hello:world

And this is why the config.json has strict permissions 0o600:

-rw-------  1 ywen ywen  176 Mar 17 21:17 config.json