Vault: no basic auth credentials with private registry


#1

I’ve recently switched my homelab to use version 1.0.0-rc.6 and since I haven’t been able to push new images using the vault integration.

The pipeline I’m using looks like this:

---
kind: pipeline
name: default

platform:
  os: linux
  arch: amd64

steps:
- name: build
  image: plugins/docker
  settings:
    registry: private.registry
    repo: private.registry/foo
    tags:
    - "${DRONE_BUILD_NUMBER}"
    - latest
    username:
      from_secret: username
    password:
      from_secret: password

---
kind: secret
type: general
external_data:
  password:
    path: secret/drone/docker
    name: password
  username:
    path: secret/drone/docker
    name: username

I’ve tried with either the latest version of the plugins/docker plugin or with the older version and I end up with the same problem.

What I end up with is something like this:

+ /usr/local/bin/docker push private.registry/foo:16
226 The push refers to repository [private.registry/foo]
227 956e9bb9078f: Preparing
228 3661c06c0c82: Preparing
229 09a6a9feda5d: Preparing
230 bcf2f368fe23: Preparing
231 no basic auth credentials
232 time="2019-03-10T20:35:29Z" level=fatal msg="exit status 1"

I’ve followed the guide while adding the VAULT_ADDR environment variable since it’s missing in the documentation. There isn’t any errors in either the agent, drone/vault or the server.

Thanks.


#2

This is because there were two syntax changes to the yaml that impact registry secrets and external secrets. See the release notes, specifically the section about breaking changes, for more details.