Docker login using pass credential store

More secure method for working with DockerHub on Linux.
  1. Configure GnuPG
  2. Configure pass
  3. Configure docker-credential-pass
  4. Configure Docker
  5. References

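First, ensure we’re starting from an empty password store. This deletes any existing pass entries, so back up ~/.password-store first if you already use pass: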

rm -fr ~/.password-store

Configure GnuPG

Ensure that GPG can prompt in the terminal. Note that koopa sets this automatically.

GPG_TTY="$(tty)"
export GPG_TTY

Check your GnuPG configuration.

gpg -K

Ensure the primary key is trusted.

gpg --edit-key "EMAIL"

Tell the GPG agent you trust the key.

gpg> trust
# Select 5: '5 = I trust ultimately'
gpg> quit

Configure pass

Now you’re ready to initialize pass.

pass init "EMAIL"

The pass library is saved in ~/.password-store.

Configure docker-credential-pass

Now we’re ready to initialize docker credential helpers, using pass in this case. Note that osxkeychain is also supported for macOS.

pass insert docker-credential-helpers/docker-pass-initialized-check

When prompted for a password, enter "pass is initialized".

pass show docker-credential-helpers/docker-pass-initialized-check

You should be prompted for your PGP key password here, unless the key is already unlocked.

docker-credential-pass list

You should see:

{}

Configure Docker

Ensure your configuration is clean. This removes all Docker CLI configuration for your user, not only stored logins.

rm -fr ~/.docker

You need to specify the credentials store in ~/.docker/config.json (recreate the directory and file, since they were just removed) to tell Docker to use it. The value of the credsStore property should be the suffix of the helper program to use (i.e. everything after docker-credential-). Here we’re using pass for Linux.

{
    "credsStore": "pass"
}

Log out of Docker.

docker logout

Now log in. You’ll be prompted for a password, but this should only happen once.

docker login --username="USERNAME" docker.io

If you hit this error with pushes, it is because your GPG key is locked or the credential store isn’t configured correctly.

# denied: requested access to the resource is denied
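
To confirm the login really went through pass, check that config.json holds no inline credential: without a credentials store, the Docker CLI writes base64("user:password") into the "auth" field of each "auths" entry. The following Python check is an added example, not part of the original post; the sample configs, the helper names and the USERNAME/example-password values are constructed for illustration.

```python
"""Audit a Docker CLI config.json for credentials stored outside a helper."""
import base64
import json
import os
import tempfile


def audit_docker_config(path):
    """Return a list of findings; an empty list means nothing is stored inline."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)

    findings = []
    if not cfg.get("credsStore"):
        findings.append("credsStore is not set")

    for registry, entry in cfg.get("auths", {}).items():
        blob = entry.get("auth")
        if blob:
            # base64 is an encoding, not encryption: anyone who can read the
            # file can recover the password. Report the user, never the secret.
            try:
                user = base64.b64decode(blob).decode("utf-8", "replace").split(":", 1)[0]
            except ValueError:
                user = "<undecodable>"
            findings.append(f"{registry}: inline credential for user {user!r}")
        if entry.get("identitytoken"):
            findings.append(f"{registry}: inline identity token")
    return findings


def write_config(directory, name, cfg):
    """Write a sample config to disk and return its path."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    return path


# Constructed sample configs (placeholder user and password, not real ones).
INLINE_AUTH = base64.b64encode(b"USERNAME:example-password").decode("ascii")
LEGACY = {"auths": {"https://index.docker.io/v1/": {"auth": INLINE_AUTH}}}
WITH_PASS = {"credsStore": "pass", "auths": {"https://index.docker.io/v1/": {}}}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, cfg in (("legacy.json", LEGACY), ("pass.json", WITH_PASS)):
            print(name, audit_docker_config(write_config(tmp, name, cfg)) or "OK")
```

Run audit_docker_config against ~/.docker/config.json after docker login; any finding means a secret is still sitting in the file and the login should be repeated once credsStore is in place.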

References