In my project under Repository, I choose to create a new file, from the
Docker template provided by GitLab.
It looks like this:
```yaml
# This file is a template, and might need editing before it works on your project.
# Official docker image.
image: docker:latest

services:
  - docker:dind

before_script:
  - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY

build-master:
  stage: build
  script:
    - docker build --pull -t "$CI_REGISTRY_IMAGE" .
    - docker push "$CI_REGISTRY_IMAGE"
  only:
    - master

build:
  stage: build
  script:
    - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
  except:
    - master
```
I choose to make this repository public. When GitLab CI runs, it produces this warning after Docker login:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
What does this mean? Does this mean anyone who downloads my public images built from this process has my GitLab Docker Container Registry password and can replace my images?
If so, how can you prevent this? If not, is this process secure by default for public repositories, and is it safe to ignore the warning?
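What the warning refers to, as an added example that is not part of the original post: when no credential helper is configured, `docker login` writes each registry login into the Docker client's `config.json` under `auths` as base64 of `user:password`, which is an encoding and not encryption. The script below reports such entries; the function name, registry host, user and token in the sample are constructed for illustration.

```python
import base64
import json


def find_inline_credentials(config_text):
    """Return (registry, username) pairs whose login is stored inline
    (base64 only, not encrypted) in a Docker client config.json."""
    config = json.loads(config_text)
    findings = []
    for registry, entry in config.get("auths", {}).items():
        auth = entry.get("auth")
        if not auth:
            # Empty entry: the secret is held by a credsStore/credHelpers
            # backend instead of this file.
            continue
        try:
            decoded = base64.b64decode(auth, validate=True).decode("utf-8")
        except ValueError:  # covers bad base64 and bad UTF-8
            findings.append((registry, "<undecodable auth value>"))
            continue
        username, sep, _password = decoded.partition(":")
        findings.append((registry, username if sep else "<malformed auth value>"))
    return findings


# Constructed sample: what config.json looks like after a plain `docker login`.
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "registry.example.com": {
            "auth": base64.b64encode(b"ci-user:not-a-real-token").decode("ascii")
        }
    }
})

# Constructed sample: same registry, but a credential store holds the secret.
SAMPLE_WITH_STORE = json.dumps({
    "auths": {"registry.example.com": {}},
    "credsStore": "desktop",
})

if __name__ == "__main__":
    for registry, user in find_inline_credentials(SAMPLE_CONFIG):
        print(f"{registry}: login for '{user}' is stored base64-encoded, not encrypted")
```

To audit a real file, pass its contents to `find_inline_credentials`, for example the text of `/root/.docker/config.json` named in the warning.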