continuous integration - Docker: Using --password via the CLI is insecure. Use --password-stdin

Question

I have the following warning when I log in to my registry during a continuous integration (CI) process:

WARNING! Using --password via the CLI is insecure. Use --password-stdin.

Should I just replace --password with --password-stdin?

Answer 1

According to docker documentation:

To run the docker login command non-interactively, you can set the --password-stdin flag to provide a password through STDIN. Using STDIN prevents the password from ending up in the shell’s history, or log-files.

The following examples read a password from a file, and passes it to the docker login command using STDIN:

$ cat ~/my_password.txt | docker login --username foo --password-stdin

or

$ docker login --username foo --password-stdin < ~/my_password

The following example reads a password from a variable, and passes it to the docker login command using STDIN:

$ echo "$MY_PASSWORD" | docker login --username foo --password-stdin