Docker: Using --password via the CLI is insecure. Use --password-stdin
The same echo command on a Windows-based system (or when running in an Azure Pipelines task based on vs2017-win2016) does also output an additional newline.
A workaround for this is to use set /p, see also question + answer.
The full command will be like:
echo | set /p="my_password" | docker login --username foo --password-stdin
According to docker documentation:
To run the docker login command non-interactively, you can set the --password-stdin flag to provide a password through STDIN. Using STDIN prevents the password from ending up in the shell’s history, or log-files.
The following examples read a password from a file, and pass it to the docker login command using STDIN:
$ cat ~/my_password.txt | docker login --username foo --password-stdin
or
$ docker login --username foo --password-stdin < ~/my_password
The following example reads a password from a variable, and passes it to the docker login command using STDIN:
$ echo "$MY_PASSWORD" | docker login --username foo --password-stdin
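For CI jobs that run on both Windows and Linux agents, the same idea can be scripted without any shell in between. This is an added example, not code from the answers above or from Docker; the names load_password, docker_login and the docker_cmd parameter are assumptions made for illustration, and MY_PASSWORD is the variable name used in the examples above.

```python
import os
import subprocess
import sys


def load_password(path=None, env_var="MY_PASSWORD"):
    """Return the secret from a file if `path` is given, else from the environment."""
    if path is not None:
        with open(os.path.expanduser(path), encoding="utf-8") as fh:
            return fh.read()
    return os.environ[env_var]


def docker_login(username, password, registry=None, docker_cmd=("docker",)):
    """Run `docker login --password-stdin`, feeding the password over a pipe.

    docker_cmd is a hypothetical hook so a stand-in program can be used in tests.
    """
    argv = [*docker_cmd, "login", "--username", username, "--password-stdin"]
    if registry:
        argv.append(registry)
    # Drop the line ending that echo, editors and secret files append.
    # Assumption: the real password does not itself end in CR or LF.
    payload = password.rstrip("\r\n").encode("utf-8")
    if not payload:
        raise ValueError("refusing to send an empty password")
    # No shell is involved and the secret is not in argv, so it cannot reach
    # shell history or a process listing; bytes avoid newline translation.
    return subprocess.run(argv, input=payload, capture_output=True, check=False)


if __name__ == "__main__":
    result = docker_login("foo", load_password())
    sys.stderr.write(result.stderr.decode(errors="replace"))
    sys.exit(result.returncode)
```

The return value is the completed process, so a pipeline step can fail the build on a non-zero returncode without ever echoing the secret.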