Why is docker login storing my password in an unencrypted folder, and should I do something about it?

  azure, azure-pipelines, containers, docker, security

I have an application running inside a Docker container, which is continuously being pushed to an Azure Container Registry. As part of the pipeline I am using the step:

docker login <Docker Server> -u <Username> -p <Password>

When my pipeline is running this step, I get the following warnings:

WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

Should I do something about this, and do you have any proposed solutions?

Source: Docker Questions

LEAVE A COMMENT