Docker credential store for AWS SSO
Simple docker credential store for AWS ECR when using AWS SSO profiles. It does not store aws credentials (keys and tokens) on the machine but it returns them dinamically to docker every time the auth is needed
- awscli v2
- windows x64
- Clone this repository and add the
/bin
folder in thePATH
environment variable to enable docker to discover and run it.- Alternatively, download the binary
/bin/docker-credential-aws-sso-ecr.exe
and place it in a folder present in thePATH
environment variable - If, for security reasons, don't trust running the docker-credential-aws-sso-ecr.exe created follow the build instruction here to create it from source
- Alternatively, download the binary
- Update
~/.docker/config.json
by adding thedocker-credential-aws-sso-ecr
as credStore for the specific registry like:{ "credHelpers": { // Important bit "<ACCOUNT>.dkr.ecr.<REGION>.amazonaws.com": "aws-sso-ecr" // Important bit }, "credStore": "desktop", "stackOrchestrator": "swarm" }
- Start pulling and pushing.
DOCKER_CREDSTORE_AWS_SSO_ECR = ROLENAME
in your machine.
If there are not profile with the default ROLE_NAME
, the first profile matching the account and region will be selected.
From the root of the repo.
# Windows
go build -o bin/docker-credential-aws-sso-ecr.exe src/docker-credential-aws-sso-ecr.go
Related issues that made this implementation needed: