Hey there. I’ve installed Drone (latest as of today) on my server and it’s all working except for one thing: Secrets. I’ve defined a secret called docker_auth containing a Harbor authentication token for a robot account. When testing it locally, it works but Drone seems to not pass the secrets to the container:
kind: pipeline
name: default
steps:
- name: docker
  image: plugins/docker
  settings:
    auth:
      from_secret: docker_auth
    repo: harbor.REMOVED.com/library/REMOVED
    registry: harbor.REMOVED.com
    tags: latest
    auto_tag: true
That’s my .drone.yml file. When starting a build however, this is printed to the build log:
Registry credentials not provided. Guest mode enabled.
Could someone let me know where I messed up? Thanks
You need to use username and password for authentication. For example:
steps:
- name: docker
  image: plugins/docker
  settings:
    username:
      from_secret: docker_username
    password:
      from_secret: docker_password
    repo: harbor.REMOVED.com/library/REMOVED
    registry: harbor.REMOVED.com
    tags: latest
    auto_tag: true
That would mean I’d have to create a user account, which defeats the purpose of even having robot accounts. Also, in the docs, auth is mentioned right at the bottom. Does that mean that auth doesn’t support secrets?
Looking at the plugin source code I do not see an auth parameter, which would mean the documentation is incorrect.
Okay, thanks. I’ll use username and password instead.
As an aside, isn’t the auth parameter a base64 encoded username and password [1]? This should not prevent you from using a robot account. You should be able to base64 decode your robot account auth string to get the underlying username and password.
[1] https://www.projectatomic.io/blog/2016/03/docker-credentials-store/
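The decode step suggested in the reply above, as an added example that is not part of the original thread or the plugin's code. It splits a Docker config-style auth string into a username and password and reports when the value is a bare JWT instead; the function names and sample values are constructed for illustration.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed sample values, not real credentials.
SAMPLE_AUTH = base64.b64encode(b"robot$ci:constructed:password").decode()
SAMPLE_JWT = ".".join([_b64url(b'{"alg":"HS256","typ":"JWT"}'),
                       _b64url(b'{"sub":"robot"}'), _b64url(b"sig")])

def looks_like_jwt(value: str) -> bool:
    """True if value has three dot-separated segments and a JSON object header."""
    parts = value.split(".")
    if len(parts) != 3 or not all(parts):
        return False
    try:
        # JWT segments are unpadded base64url; restore padding before decoding.
        head = parts[0] + "=" * (-len(parts[0]) % 4)
        return isinstance(json.loads(base64.urlsafe_b64decode(head)), dict)
    except ValueError:  # covers binascii.Error, JSON and UTF-8 decode errors
        return False

def split_docker_auth(auth: str):
    """Return (username, password) from base64("username:password"), else None."""
    if looks_like_jwt(auth):
        return None  # a bare JWT is a token, not an encoded user:password pair
    try:
        decoded = base64.b64decode(auth, validate=True).decode("utf-8")
    except ValueError:
        return None
    username, sep, password = decoded.partition(":")  # password may contain ":"
    return (username, password) if sep and username else None

if __name__ == "__main__":
    print(split_docker_auth(SAMPLE_AUTH))
    print(split_docker_auth(SAMPLE_JWT))
```

A `None` result means the string cannot be mapped onto the plugin's username and password settings by decoding alone.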
Seems like Harbor stores a JWT inside the token. I’ll just use a normal user.