install: Add --copy-container-credentials
#428
Assignees
Labels
area/install
Issues related to `bootc install`
enhancement
New feature or request
triaged
This looks like a valid issue
Comments
cgwalters
added
area/install
|
xref containers/image#1746 too |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We document that registry credentials are honored from
/etc/ostree/auth.json, but it's easy to miss (and needs to highlighted much better) (there's also the general issue with embedding the pull secret in the image itself, cc #22 )Now when using
bootc install to-filesystemwith a private registry, we could addbootc install --copy-container-credentialswhere we go and slurp out~/.config/containers/auth.jsonand inject it into the final system as/etc/ostree/auth.json.This way we get a flow where we
podman loginon the original hostbootc install to-filesystem --copy-container-credentialsAnd the original podman credentials (injected into
~/.config/containers/auth.json) could have come from e.g. cloud-init (which is arguably more secure than embedding them into the image itself).The text was updated successfully, but these errors were encountered: