A credential helper for the Docker daemon that makes it easier to use Alibaba Cloud Container Registry (ACR).
Download the latest release from the Releases page.
By default, the helper searches for ACR credentials in the following order:
- It fetches the credentials via RAM Roles for Service Accounts (RRSA) OIDC Token
when the
ALIBABA_CLOUD_ROLE_ARN,ALIBABA_CLOUD_OIDC_PROVIDER_ARN, andALIBABA_CLOUD_OIDC_TOKEN_FILEenvironment variables are defined and are not empty. - Use access key id and access key secret that are specified by the
ALIBABA_CLOUD_ACCESS_KEY_IDandALIBABA_CLOUD_ACCESS_KEY_SECRETenvironment variables. - A profile file whose path is specified by the
ALIBABA_CLOUD_CREDENTIALS_FILEenvironment variable. - A profile file in a default location:
- On Windows, this is
C:\Users\USER_NAME\.alibabacloud\credentials. - On other systems, it is
~/.alibabacloud/credentials.
- On Windows, this is
- It fetches the credentials of the RAM Role associated with the VM from the metadata server when
the environment variable
ALIBABA_CLOUD_ECS_METADATAis defined and not empty.
For more information about configuring credentials, see Provider in the @aliyun/credentials-go.
Place the docker-credential-acr-helper binary on your PATH and
add a credHelpers entry to the Docker config file (~/.docker/config.json)
for each ACR registry that you care about.
Keys specify the registry domain (without the https://), and values specify the suffix of the credential helper binary (everything after docker-credential-).
For example:
{
"credHelpers": {
"registry.cn-beijing.aliyuncs.com": "acr-helper",
"registry-intl.ap-southeast-1.aliyuncs.com": "acr-helper",
"registry.<region>.aliyuncs.com": "acr-helper",
"<acr-ee-instance-name>-registry.<region>.cr.aliyuncs.com": "acr-helper"
}
}
For more information about configuring Docker, see Credential helpers in the Docker Documentation.
