Re: Authenticating w/ Private Docker Registries via cf CLI [survey closed] results
|
Koper, Dies <diesk@...>
Thank you very much for participating in our survey on the UX for cf CLI private docker registry support!
There were 54 respondents, with about half of them leaving comments. We put together a document with the results. https://docs.google.com/a/pivotal.io/document/d/1KGLIPxCf627nl6zzGyWqgu2S4NxuO5JRWM06C25SM1E/edit?usp=sharing From the survey results and the conversations we’ve had so far, we understand: - Respondents favour both an interactive and a scriptable method of supporting this, from the beginning. - Respondents don’t want to be invited to pass in passwords (in plain text) on the command line to the cf CLI. - Respondents are concerned about the complexity of URL encoding of credentials in a URI. - Respondents suggested alternatives to passing in their password, through a file or with environment variables. Based on this, and suggestions respondents added, we believe the following balances security, automation and ease-of-use: $ cf push --docker-image IMAGE --username DOCKER_REGISTRY_USER Environment variable CF_DOCKER_REGISTRY_PASSWORD not set. Enter password> If you specify a username, the CLI will look for an environment variable to find the password. If not found, it will prompt for the password. This introduces a protective measure to prevent passwords from leaking into the command line history while allowing for automation and other non-interactive use cases via a single environment variable. We’d love to hear your feedback on this approach. Regards, Dies & Mike From: mlong(a)pivotal.io [mailto:mlong(a)pivotal.io] Sent: Thursday, March 16, 2017 4:52 AM To: cf-dev(a)lists.cloudfoundry.org Subject: [cf-dev] Authenticating w/ Private Docker Registries via cf CLI [Google Forms] Having trouble viewing or submitting this form? FILL OUT IN GOOGLE FORMS<https://docs.google.com/forms/d/e/1FAIpQLSfWINfv5OcnV3a_UJNX2QZMJvke3d11al_Pw2CSDPx2BzXlEA/viewform?c=0&w=1&usp=mail_form_link> I've invited you to fill out a form: Authenticating w/ Private Docker Registries [cf CLI]<https://docs.google.com/forms/d/e/1FAIpQLSfWINfv5OcnV3a_UJNX2QZMJvke3d11al_Pw2CSDPx2BzXlEA/viewform?c=0&w=1&usp=mail_form_link> Today, app developers who `cf push` Docker app images are unable to use private registries that require authentication. We'd like your feedback on solutions that provide the best UX for app developers... Option 1: credentials via flags on push * cf push my-app -o docker://myregistry:443/docker-org/test-app --username username --password password 1 2 3 4 5 Poor UX ( ) ( ) ( ) ( ) ( ) Good UX Option 2: via URL * cf push my-app -o docker://username:password(a)myregistry:443/docker-org/test-app 1 2 3 4 5 Poor UX ( ) ( ) ( ) ( ) ( ) Good UX Option 3: via interactive prompt * cf push my-app -o docker://myregistry:443/docker-org/test-app --authenticate [CLI Prompt] <"'Enter Username" | "Enter Password"> 1 2 3 4 5 Poor UX ( ) ( ) ( ) ( ) ( ) Good UX Add'l thoughts and how we can reach you (optional) [Submit] Never submit passwords through Google Forms. Powered by <https://www.google.com/forms/about/?utm_source=product&utm_medium=forms_logo&utm_campaign=forms> [Google Forms]<https://www.google.com/forms/about/?utm_source=product&utm_medium=forms_logo&utm_campaign=forms> This form was created inside of Pivotal. Report Abuse<https://docs.google.com/forms/d/e/1FAIpQLSfWINfv5OcnV3a_UJNX2QZMJvke3d11al_Pw2CSDPx2BzXlEA/reportabuse?source=https://docs.google.com/forms/d/e/1FAIpQLSfWINfv5OcnV3a_UJNX2QZMJvke3d11al_Pw2CSDPx2BzXlEA/viewform?sid%3D7cef5bcedd393016%26c%3D0%26w%3D1%26token%3DtFA-01oBAAA.-UNzr95bSFpDZ9SUmRxYww.rDSzORhupqHCQfK7qrk2vA> - Terms of Service<http://www.google.com/accounts/TOS> - Additional Terms<http://www.google.com/google-d-s/terms.html> Create your own Google Form<https://docs.google.com/forms?usp=mail_form_link> |
|
|