Registry Authentication
Authenticating to a Container Registry¶
Before a container image can be pushed to a container image repository, it is
common for the image registry to ask you to authenticate yourself. Depending on
the image registry you are using, you either authenticate yourself through the
finch login
command, or you can leverage credential
helpers,
to manage authentication tokens on your behalf.
macOS and Windows¶
Using the Amazon ECR Credential Helper to login to Amazon ECR¶
The Amazon ECR Credential Helper is a credential helper that handles
Amazon ECR authentication tokens for you. It
does this by leveraging the AWS credentials used by the the AWS CLI, typically
these are located on the workstation at ~/.aws/credentials
.
To configure the Amazon ECR credential helper:
-
Ensure the AWS credentials have been configured and are working correctly on the host local machine before attempting to using the Amazon ECR credential helper.
aws sts get-caller-identity
-
Add the
ecr-login
to thecreds_helpers
section of the Finch configuration file. The file is found at:~/.finch/finch.yaml
.cpus: 3 memory: 4GiB creds_helpers: - ecr-login
-
If it does not already exist, add
ecr-login
to the registry credentials file located at~/.finch/config.json
{ "credsStore": "ecr-login" }
-
Stop and start the Finch virtual machine to pick up the new configuration.
finch vm stop finch vm start
Using the AWS CLI to login to Amazon ECR¶
Alternatively you can use the AWS CLI to retrieve an
Amazon ECR authentication token and pass this
into Finch with the finch login
command. By default this token expires after
12 hours.
export AWS_ACCOUNT_ID=111222333444
export AWS_REGION=eu-west-1
aws ecr get-login-password --region $AWS_REGION | finch login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com
$AWS_ACCOUNT_ID="111222333444"
$AWS_REGION="eu-west-1"
aws ecr get-login-password --region $AWS_REGION | finch login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com"
If the login has been successful, you should see:
Login Succeeded
Using the Amazon ECR Credential Helper to login to Amazon ECR Public¶
The Amazon ECR Credential Helper is a credential helper that handles Amazon ECR Public authentication tokens for you. It does
this by leveraging the AWS credentials used by the the AWS CLI, typically these are located on the workstation at ~/.aws/credentials
.
To configure the Amazon ECR credential helper:
-
Ensure the AWS credentials have been configured and are working correctly on the host local machine before attempting to using the Amazon ECR credential helper.
aws sts get-caller-identity
-
Add the
ecr-login
to thecreds_helpers
section of the Finch configuration file. The file is found at:~/.finch/finch.yaml
.cpus: 3 memory: 4GiB creds_helpers: - ecr-login
-
If it does not already exist, add
ecr-login
to the registry credentials file located at~/.finch/config.json
{ "credsStore": "ecr-login" }
-
Stop and start the Finch virtual machine to pick up the new configuration.
finch vm stop finch vm start
Using the AWS CLI to login to Amazon ECR Public¶
Alternatively you can use the AWS CLI to retrieve an [Amazon ECR Public]
(https://gallery.ecr.aws/) authentication token and pass this into
Finch with the finch login
command. By default this token expires after 12
hours.
# Note that the region will always be us-east-1 when authenticating to ECR Public.
aws ecr-public get-login-password --region us-east-1 | finch login --username AWS --password-stdin public.ecr.aws
If the login has been successful, you should see:
Login Succeeded
To login to Docker Hub, or any registry with username and password authentication. You can use the finch login command and enter the username and password when prompted.
finch login
Enter Username: username
Enter Password:
If the login has been successful, you should see:
Login Succeeded
Linux¶
Using the Amazon ECR Credential Helper to login to Amazon ECR¶
The Amazon ECR Credential Helper is a credential helper that handles
Amazon ECR authentication tokens for you. It
does this by leveraging the AWS credentials used by the the AWS CLI, typically
these are located on the workstation at ~/.aws/credentials
. Since Finch requires
being run as root, this may be /root/.aws/credentials
.
To configure the Amazon ECR credential helper:
-
Ensure the AWS credentials have been configured and are working correctly on the host local machine before attempting to using the Amazon ECR credential helper.
aws sts get-caller-identity
-
Install the ecr credential helper by following these steps.
-
If it does not already exist, add
ecr-login
to the registry credentials file located at/root/.docker/config.json
{ "credsStore": "ecr-login" }
Using the AWS CLI to login to Amazon ECR¶
Alternatively you can use the AWS CLI to retrieve an
Amazon ECR authentication token and pass this
into Finch with the finch login
command. By default this token expires after
12 hours.
export AWS_ACCOUNT_ID=111222333444
export AWS_REGION=eu-west-1
aws ecr get-login-password --region $AWS_REGION | sudo -E finch login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com
If the login has been successful, you should see:
Login Succeeded
Using the Amazon ECR Credential Helper to login to Amazon ECR Public¶
The Amazon ECR Credential Helper is a credential helper that handles Amazon ECR Public authentication tokens for you. It does
this by leveraging the AWS credentials used by the the AWS CLI, typically these are located on the workstation at ~/.aws/credentials
.
To configure the Amazon ECR credential helper:
-
Ensure the AWS credentials have been configured and are working correctly on the host local machine before attempting to using the Amazon ECR credential helper.
aws sts get-caller-identity
-
Install the ecr credential helper by following these steps.
-
If it does not already exist, add
ecr-login
to the registry credentials file located at/root/.docker/config.json
{ "credsStore": "ecr-login" }
Using the AWS CLI to login to Amazon ECR Public¶
Alternatively you can use the AWS CLI to retrieve an [Amazon ECR Public]
(https://gallery.ecr.aws/) authentication token and pass this into
Finch with the finch login
command. By default this token expires after 12
hours.
# Note that the region will always be us-east-1 when authenticating to ECR Public.
aws ecr-public get-login-password --region us-east-1 | sudo finch login --username AWS --password-stdin public.ecr.aws
If the login has been successful, you should see:
Login Succeeded
To login to Docker Hub, or any registry with username and password authentication. You can use the finch login command and enter the username and password when prompted.
sudo finch login
Enter Username: username
Enter Password:
If the login has been successful, you should see:
Login Succeeded