I recently added GitHub Actions to the repository for my lab website to build the website content and store it as a Docker image in the GitHub Container Registry (ghcr.io).
Configure Pass
Pulling from the repository requires a personal access token (PAT). When the PAT is used with Docker, we receive a warning that the password is stored unencrypted in a JSON configuration file. Instead, we can use a credential store like pass. (pass is also developed by the same developer as WireGuard!)
# Install
sudo apt install pass
# Create GPG key (no password)
gpg2 --generate-key
# Configure pass with the key
pass init <name_of_your_gpg_key>
Configure Docker
Docker needs to know which credential store we are using. Set credsStore in ~/.docker/config.json: https://docs.docker.com/reference/cli/docker/login/#configure-the-credential-store
{
"credsStore": "pass"
}
Download the credential helper from: https://github.com/docker/docker-credential-helpers/releases
# Install and validate the credential helper (ARM64)
wget https://github.com/docker/docker-credential-helpers/releases/download/v0.9.5/checksums.txt
wget https://github.com/docker/docker-credential-helpers/releases/download/v0.9.5/docker-credential-pass-v0.9.5.linux-arm64
sha256sum -c checksums.txt --ignore-missing
docker-credential-pass-v0.9.5.linux-arm64: OK
# Make executable
chmod +x docker-credential-pass-v0.9.5.linux-arm64
# Add to path
sudo mv docker-credential-pass-v0.9.5.linux-arm64 /usr/local/bin/docker-credential-pass
# Login with docker (fill in username & PAT)
docker login ghcr.io
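We now have the access token saved and encrypted with GPG. Pulling from ghcr.io uses the credential helper to obtain the token and log in before pulling. Because the GPG key was created without a passphrase, the encrypted token is only as well protected as the private key files in ~/.gnupg.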
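To confirm the setup took effect, the following added example (not part of the original post) audits a Docker config.json for registries that still carry an inline secret versus those served by a credential helper. The function name `audit_docker_config` and the sample username and token are constructed for illustration.

```python
import base64
import json
import pathlib
import shutil

def audit_docker_config(cfg):
    """Split registries into (inline secrets, helper-backed).

    Returns ({registry: username}, {registry: helper name or None}).
    """
    store = cfg.get("credsStore")            # default helper, e.g. "pass"
    per_registry = cfg.get("credHelpers", {})  # per-registry override
    inline, via_helper = {}, {}
    for registry, entry in cfg.get("auths", {}).items():
        if entry.get("auth"):
            # "auth" is base64("user:secret"): encoded, not encrypted.
            decoded = base64.b64decode(entry["auth"]).decode()
            inline[registry] = decoded.split(":", 1)[0]
        elif entry.get("identitytoken"):
            inline[registry] = "<identity token>"
        else:
            via_helper[registry] = per_registry.get(registry, store)
    return inline, via_helper

# Constructed samples: config.json without and with a credential store.
_FAKE = base64.b64encode(b"octocat:ghp_CONSTRUCTED_NOT_A_REAL_TOKEN").decode()
BEFORE = {"auths": {"ghcr.io": {"auth": _FAKE}}}
AFTER = {"auths": {"ghcr.io": {}}, "credsStore": "pass"}

if __name__ == "__main__":
    path = pathlib.Path.home() / ".docker" / "config.json"
    cfg = json.loads(path.read_text()) if path.exists() else AFTER
    inline, via_helper = audit_docker_config(cfg)
    for registry, user in inline.items():
        print(f"PLAINTEXT {registry}: secret for {user} is stored in config.json")
    for registry, helper in via_helper.items():
        binary = f"docker-credential-{helper}" if helper else None
        found = bool(binary and shutil.which(binary))
        print(f"HELPER    {registry}: {binary} (on PATH: {found})")
```

Any registry reported as PLAINTEXT was logged in before the credential store was configured; running `docker logout` and `docker login` again for that registry moves it into pass.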