1containers-auth.json(5)()                            containers-auth.json(5)()
2
3
4

NAME

6       containers-auth.json - syntax for the registry authentication file
7
8
9

DESCRIPTION

11       A  credentials  file  in  JSON format used to authenticate against con‐
12       tainer image registries.  The primary (read/write) file  is  stored  at
13       ${XDG_RUNTIME_DIR}/containers/auth.json on Linux; on Windows and macOS,
14       at $HOME/.config/containers/auth.json.
15
16
17       When searching for the credential for a registry, the  following  files
18       will  be  read  in  sequence until the valid credential is found: first
19       reading the primary (read/write) file, or the explicit  override  using
20       an  option of the calling application.  If credentials are not present,
21       search in ${XDG\_CONFIG\_HOME}/containers/auth.json, $HOME/.docker/con‐
22       fig.json, $HOME/.dockercfg.
23
24
25       Except the primary (read/write) file, other files are read-only, unless
26       the user use an option of the calling application explicitly points  at
27       it as an override.
28
29

FORMAT

31       The  auth.json file stores encrypted authentication information for the
32       user to container image registries.  The file can have zero to many en‐
33       tries  and  is created by a login command from a container tool such as
34       podman login, buildah login or skopeo login.  Each entry  includes  the
35       name of the registry and then an auth token in the form of a base64 en‐
36       coded string from the concatenation of the username, a colon,  and  the
37       password.
38
39
40       The  following  example  shows  the values found in auth.json after the
41       user logged in to their accounts on quay.io and docker.io:
42
43
44              {
45                   "auths": {
46                        "docker.io": {
47                             "auth": "erfi7sYi89234xJUqaqxgmzcnQ2rRFWM5aJX0EC="
48                        },
49                        "quay.io": {
50                             "auth": "juQAqGmz5eR1ipzx8Evn6KGdw8fEa1w5MWczmgY="
51                        }
52                   }
53              }
54
55
56
57       An entry can be removed by using a logout command from a container tool
58       such as podman logout or buildah logout.
59
60
61       In  addition,  credential  helpers  can be configured for specific reg‐
62       istries and the credentials-helper software can be used to  manage  the
63       credentials  in  a more secure way than depending on the base64 encoded
64       authentication provided by login.  If the credential helpers  are  con‐
65       figured for specific registries, the base64 encoded authentication will
66       not be used for operations concerning credentials of the specified reg‐
67       istries.
68
69
70       When the credential helper is in use on a Linux platform, the auth.json
71       file would contain keys that specify the registry  domain,  and  values
72       that  specify  the  suffix of the program to use (i.e. everything after
73       docker-credential-).  For example:
74
75
76              {
77                  "auths": {
78                      "localhost:5001": {}
79                  },
80                  "credHelpers": {
81                        "registry.example.com": "secretservice"
82                   }
83              }
84
85
86
87       For more information on credential helpers, please reference the GitHub
88       docker-credential-helpers   project  ⟨https://github.com/docker/docker-
89       credential-helpers/releases⟩.
90
91
92

SEE ALSO

94              buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1), skopeo-login(1), skopeo-logout(1)
95
96
97
98

HISTORY

100       Feb  2020,  Originally  compiled  by  Tom  Sweeney  tsweeney@redhat.com
101       ⟨mailto:tsweeney@redhat.com⟩
102
103
104
105                                                     containers-auth.json(5)()
Impressum