iaincollins/docker-deploy-webhook

Suggest creating DockerHub accounts with read-only access

levino opened this issue · 2 comments

As far as I can tell, I have to give the service the login for Docker Hub. Is there no way to have a less permissive authentication method? If this service gets hacked, you have a real problem. Especially if third parties use your images.

Good point. It appears that you can create users with read-only access to private Docker Hub images by creating an organization account or converting an existing account to be an organization.

https://docs.docker.com/docker-hub/orgs/#repository-team-permissions

https://hub.docker.com/account/convert-to-org/

Oh, that's a good point to spell out in the documentation!

I'd only use this with an organisation account and hadn't considered folks using it not in an org (or, as another issue touches on, for public DockerHub images that don't need authentication to deploy).

I'll leave this open till I've added some info about this to the docs.