WARNING! Using –password via the CLI is insecure. Use –password-stdin

Question

I started the build of the docker image in the ci cd pipeline and at the “build” step does not pass an authorization for a reason unknown to me, and gives an error:

    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store

    Login Succeeded
    $ docker login --username=$HEROKU_USER --password=$HEROKU_API_KEY registry.heroku.com
    WARNING! Using --password via the CLI is insecure. Use --password-stdin.
    Error response from daemon: login attempt to https://registry.heroku.com/v2/ failed with status: 401 Unauthorized
    Cleaning up project directory and file based variables
    ERROR: Job failed: exit code 1

Has anyone encountered this and can help? since I'm still just learning CI СD . perhaps even a stupid mistake due to my lack of knowledge and competence in this area.

My docker-compose.yml here:

    version: "3.3"

    services:
      beranking-api:
        container_name: beranking-api
        ports:
          - 8000:80
          - 8001:443
        depends_on:
          - "postgres"
        build:
          context: .
          dockerfile: BBS.Api/Dockerfile
        environment:
          - ASPNETCORE_URLS=https://+;http://+
          - ASPNETCORE_Kestrel__Certificates__Default__Password=certificate
          - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/certificate.pfx
        volumes:
          - ~/.aspnet/https:/https:ro
        networks:https://stackoverflow.com/questions/ask#
          - beranking-network
      postgres:
        container_name: postgres
        ports:
          - "5432"
        restart: always
        build:
          context: .
          dockerfile: BBS.DataAccess/Dockerfile
        environment:
          POSTGRES_USER: "testing"
          POSTGRES_PASSWORD: "testing"
          POSTGRES_DB: "testing"
        networks:
          - beranking-network

    networks:
      beranking-network:
        driver: bridge

Answer 1

The issue has nothing to do with your docker-compose file - It is directly related to your command:

docker login --username=$HEROKU_USER --password=$HEROKU_API_KEY registry.heroku.com

When using the password configuration this way, it is still logging the output of your variable $HEROKU_API_KEY will be saved to:

WARNING! Your password will be stored unencrypted in your/path/.docker/config.json.

I am not completely familair with heroku, but this issue can be solved on Gitlab by doing the following:

echo "$HEROKU_API_KEY" | docker login --username foo --password-stdin

You can also use a credential store from docker - more information here:

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Docker: Using --password via the CLI is insecure. Use --password-stdin