-
Notifications
You must be signed in to change notification settings - Fork 380
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support more arbitrary credential helper executable names? #2449
Comments
Thanks for reaching out! It seems to me that adding that lookup would just be confusing. Even in this motivating example, creating a binary named This example looks bad especially on macOS, where The physical cost of an extra syscall is not all that much, but it is still non-zero, and I don’t think there really is a benefit. One possible alternative might be to allow an absolute path (starting with
I think that would work well in the In |
About I thought about absolute path, but didn't sure about a couple moments, like:
Also trying to find struct of |
So you do want to have some prefix/suffix of the executable name, just for some reason not the default |
@mtrmac kinda, yes |
I was looking how to use custom credentials helper along with podman, e.g. using shell script wrapper for access to macos keychain via
security
.After some research i found out, that calling credentials helper looks like this
which is, technically, allows to use any executable file with
docker-credential-
prefix if it is in$PATH
and supports defined cli.So, is it possible to get rid of the need for this prefix, like, use fallback from
"docker-credential-%s"
to"%s"
?This behavior would allow to use any executable, regardless of its name, in
credential-helpers
list, for example:this would provide helpers chain:
docker-credential-security
security
auth.json
Possible downside of this, if existence of
docker-credential-security
executable in$PATH
would change between credStore operations, likestore
would calldocker-credential-security
andget
would callsecurity
due todocker-credential-*
renamed or removed.But looks like this is convenient behavior now.
So, is it possible (or am i allowed😉) to implement that or there are more downside, which i don't see?
The text was updated successfully, but these errors were encountered: