
Docker: Using --password via the CLI is insecure. Use --password-stdin


I have the following warning when I log in to my registry during a continuous integration (CI) process:

WARNING! Using --password via the CLI is insecure. Use --password-stdin.

Should I just replace --password with --password-stdin?


Solution

  • According to the Docker documentation:

    To run the docker login command non-interactively, you can set the --password-stdin flag to provide a password through STDIN. Using STDIN prevents the password from ending up in the shell’s history, or log-files.

    The following examples read a password from a file and pass it to the docker login command using STDIN:

    $ cat ~/my_password.txt | docker login --username foo --password-stdin
    

    or

    $ docker login --username foo --password-stdin < ~/my_password
    

    The following example reads a password from a variable, and passes it to the docker login command using STDIN:

    $ echo "$MY_PASSWORD" | docker login --username foo --password-stdin
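
For a CI job, the same login can be wrapped so that the password stays out of the process arguments and out of a `set -x` trace log as well. This is an added example, not part of the original answer or of Docker's documentation; the function name `registry_login` and the variables `REGISTRY_USER`, `REGISTRY_PASSWORD`, `REGISTRY_PASSWORD_FILE` and `DOCKER_BIN` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original answer. Assumed names: registry_login,
# REGISTRY_USER, REGISTRY_PASSWORD, REGISTRY_PASSWORD_FILE, DOCKER_BIN.

registry_login() {
    registry=${1:-}
    docker_bin=${DOCKER_BIN:-docker}   # overridable so the helper can be tested

    if [ -z "$registry" ] || [ -z "${REGISTRY_USER:-}" ]; then
        echo "usage: REGISTRY_USER=<user> registry_login <registry-host>" >&2
        return 2
    fi

    # A CI job running under `set -x` would print the expanded password in its
    # trace log, so tracing is switched off for the part that touches the secret.
    case $- in *x*) trace_was_on=1 ;; *) trace_was_on=0 ;; esac
    set +x

    rc=0
    if [ -n "${REGISTRY_PASSWORD_FILE:-}" ] && [ -r "$REGISTRY_PASSWORD_FILE" ]; then
        # Secret file mounted by the CI system: the shell opens it on stdin.
        "$docker_bin" login --username "$REGISTRY_USER" --password-stdin \
            "$registry" < "$REGISTRY_PASSWORD_FILE" || rc=$?
    elif [ -n "${REGISTRY_PASSWORD:-}" ]; then
        # printf is a shell builtin, so no process carries the secret in argv;
        # '%s' also avoids echo's option and backslash handling.
        printf '%s' "$REGISTRY_PASSWORD" |
            "$docker_bin" login --username "$REGISTRY_USER" --password-stdin \
                "$registry" || rc=$?
    else
        echo "registry_login: no REGISTRY_PASSWORD_FILE or REGISTRY_PASSWORD" >&2
        rc=2
    fi

    if [ "$trace_was_on" -eq 1 ]; then set -x; fi
    return "$rc"
}

# Usage in a pipeline step (registry host is a placeholder):
#   REGISTRY_USER=foo registry_login registry.example.com
```

A secret file is preferred over the variable when both are available, since a file is not inherited by every child process the way an exported variable is.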