podman-login - Man Page
Log in to a container registry
Examples (TL;DR)
- Log in to a registry (non-persistent on Linux; persistent on Windows/macOS):
podman login registry.example.org - Log in to a registry persistently on Linux:
podman login --authfile $HOME/.config/containers/auth.json registry.example.org - Log in to an insecure (HTTP) registry:
podman login --tls-verify=false registry.example.org
Synopsis
podman login [options] [registry]
Description
podman login logs into a specified registry server with the correct username and password. If the registry is not specified, the first registry under [registries.search] from registries.conf is used. podman login reads in the username and password from STDIN. The username and password can also be set using the username and password flags. The path of the authentication file can be specified by the user by setting the authfile flag. The default path for reading and writing credentials is ${XDG_RUNTIME_DIR}/containers/auth.json. Podman uses existing credentials if the user does not pass in a username. Podman first searches for the username and password in the ${XDG_RUNTIME_DIR}/containers/auth.json, if they are not valid, Podman then uses any existing credentials found in $HOME/.docker/config.json. If those credentials are not present, Podman creates ${XDG_RUNTIME_DIR}/containers/auth.json (if the file does not exist) and then stores the username and password from STDIN as a base64 encoded string in it. For more details about format and configurations of the auth.json file, see containers-auth.json(5)
podman [GLOBAL Options]
podman login [GLOBAL Options]
Options
--authfile=path
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json on Linux, and $HOME/.config/containers/auth.json on Windows/macOS. The file is created by podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login.
Note: There is also the option to override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. This can be done with export REGISTRY_AUTH_FILE=path.
--cert-dir=path
Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. (Default: /etc/containers/certs.d) For details, see containers-certs.d(5). (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
--compat-auth-file=path
Instead of updating the default credentials file, update the one at path, and use a Docker-compatible format.
--get-login
Return the logged-in user for the registry. Return error if no login is found.
--help, -h
Print usage statement
--password, -p=password
Password for registry
--password-stdin
Take the password from stdin
--secret=name
Read the password for the registry from the podman secret name. If --username is not specified --username=name is used.
--tls-verify
Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, TLS verification is used. If set to false, TLS verification is not used. If not specified, TLS verification is used unless the target registry is listed as an insecure registry in containers-registries.conf(5)
--username, -u=username
Username for registry
--verbose, -v
print detailed information about credential store
Examples
Add login credentials for specified registry to default authentication file; note that unlike the docker default, the default credentials are under $XDG_RUNTIME_DIR which is a subdirectory of /run (an emphemeral directory) and hence do not persist across reboot.
$ podman login quay.io Username: umohnani Password: Login Succeeded!
To explicitly preserve credentials across reboot, you will need to specify the default persistent path:
$ podman login --authfile ~/.config/containers/auth.json quay.io Username: umohnani Password: Login Succeeded!
Add login credentials using specified username and password for local registry to default authentication file.
$ podman login -u testuser -p testpassword localhost:5000 Login Succeeded!
Add login credentials for alternate authfile path for the specified registry.
$ podman login --authfile authdir/myauths.json quay.io Username: umohnani Password: Login Succeeded!
Add login credentials using a Podman secret for the password.
$ echo -n MySecret! | podman secret create secretname - a0ad54df3c97cf89d5ca6193c $ podman login --secret secretname -u testuser quay.io Login Succeeded!
Add login credentials for user test with password test to localhost:5000 registry disabling tls verification requirement.
$ podman login --tls-verify=false -u test -p test localhost:5000 Login Succeeded!
Add login credentials for user foo with password bar to localhost:5000 registry using the certificate directory /etc/containers/certs.d.
$ podman login --cert-dir /etc/containers/certs.d/ -u foo -p bar localhost:5000 Login Succeeded!
Add login credentials for specified registries to default authentication file for given user with password information provided via stdin from a file on disk.
$ podman login -u testuser --password-stdin < testpassword.txt docker.io Login Succeeded!
Add login credentials for specified registry to default authentication file for given user with password information provided via stdin from a pipe.
$ echo $testpassword | podman login -u testuser --password-stdin quay.io Login Succeeded!
Add login credentials for specified registry to default authentication file in verbose mode.
$ podman login quay.io --verbose Username: myusername Password: Used: /run/user/1000/containers/auth.json Login Succeeded!
See Also
podman(1), podman-logout(1), containers-auth.json(5), containers-certs.d(5), containers-registries.conf(5), podman-secret(1), podman-secret-create(1)
History
August 2017, Originally compiled by Urvashi Mohnani umohnani@redhat.com ⟨mailto:umohnani@redhat.com⟩
Referenced By
buildah-build(1), buildah-from(1), buildah-manifest-add(1), buildah-manifest-push(1), buildah-pull(1), buildah-push(1), containers-auth.json(5), containers-transports(5), podman(1), podman-artifact-pull(1), podman-artifact-push(1), podman-logout(1), podman-pull(1), podman-push(1), podman-secret-create(1), skopeo(1), skopeo-copy(1), skopeo-delete(1), skopeo-inspect(1), skopeo-list-tags(1), skopeo-sync(1), toolbox-create(1).
The man page docker-login(1) is an alias of podman-login(1).