How to set up secure local credential storage for Docker on Ubuntu 20.04

The goal is secure local storage for Docker login credentials, backed by the Unix pass tool. By default, the docker login command stores credentials in the ~/.docker/config.json file in base64 format, which is not secure: base64 is an encoding, not encryption, so anyone who can read the file can recover the password.


  1. Ubuntu 20.04
  2. If Docker was installed via the Snap package manager, uninstall it with the command: snap remove docker
  3. To list installed Snap packages, use the command: snap list
  4. Install Docker on Ubuntu with the following commands:
    • sudo apt update
    • sudo apt install apt-transport-https ca-certificates curl software-properties-common --> install a few prerequisite packages which let apt use packages over HTTPS
    • curl -fsSL | sudo apt-key add - --> add the GPG key for the official Docker repository to your system
    • sudo add-apt-repository "deb [arch=amd64] focal stable" --> add the Docker repository to APT sources
    • apt-cache policy docker-ce --> Make sure you are about to install from the Docker repo instead of the default Ubuntu repo
    • sudo apt install docker-ce --> install Docker
    • sudo systemctl status docker --> Docker should now be installed, the daemon started, and the process enabled to start on boot. Check that it’s running
    • docker version --> Confirm Docker version
  5. Make docker commands execute without sudo:
    • sudo usermod -aG docker ${USER} --> add your username to the docker group
    • su - ${USER} --> To apply the new group membership, log out of the server and back in
    • groups --> Confirm that your user is now added to the docker group

Set up secure credential storage for Docker:

  1. Install rng-tools: sudo apt-get install rng-tools -y
  2. rng-tools is a set of utilities related to random number generation in the kernel. The main program is rngd, a daemon that checks random data from a hardware device and feeds it to the kernel entropy pool.
  3. Generate the required entropy with the command: sudo rngd -r /dev/urandom
  4. Install the pass tool with the command: sudo apt-get install pass -y
  5. Generate a new GPG key: gpg --full-generate-key. Answer the interactive setup questions and set a passphrase for the new key.
  6. Create a new directory: mkdir ~/bin
  7. Change into the created directory: cd ~/bin
  8. Add the directory to your PATH environment variable: echo 'export PATH=$PATH:~/bin' >> ~/.bashrc
  9. Download docker-credential-pass with the following command: wget
  10. Extract files: tar xvzf docker-credential-pass-v0.6.3-amd64.tar.gz
  11. Give the new file proper permissions with: chmod a+x docker-credential-pass
  12. Copy the executable with the command: sudo cp docker-credential-pass /usr/local/bin
  13. Log out of the Docker server and log back in: docker logout and docker login
  14. Create a new directory: mkdir ~/.docker
  15. Locate your GPG id associated with credential storage: gpg --list-secret-keys or gpg --fingerprint [your_email_set_during_key_creation]
  16. Initialize the pass tool with the command: pass init [your_gpg_id_string_in_hex_format]
  17. Create a password for the credential storage with the command: pass insert docker-credential-helpers/docker-pass-initialized-check
  18. Once your password is generated, create a new configuration file with the command: sudo vim ~/.docker/config.json
  19. Add the following content to the new file, save and close:
      {
        "credsStore": "pass"
      }
  20. Finally, log in to Docker with the command docker login and check that the WARNING message has disappeared
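
To confirm the result beyond the missing WARNING message, the following added example (not part of the original guide) audits the contents of a Docker config.json: it flags any inline "auth" entry, shows that such an entry decodes back to the user name without any key, and checks that a credential store is configured. The sample configs, user name and password are constructed for illustration.

```python
import base64
import json
import os
import sys

def audit_docker_config(text):
    """Return a list of findings for the JSON text of a Docker config.json."""
    cfg = json.loads(text)
    findings = []
    for registry, entry in cfg.get("auths", {}).items():
        blob = entry.get("auth")
        if not blob:
            continue  # empty entry: the secret is held by the credential helper
        try:
            # Reading the file is all it takes to reverse base64.
            user = base64.b64decode(blob, validate=True).decode("utf-8", "replace").partition(":")[0]
        except ValueError:
            user = "<undecodable>"
        # Report the user name only; never echo the recovered password.
        findings.append(f"{registry}: inline credential for '{user}' (base64, not encrypted)")
    if not cfg.get("credsStore") and not cfg.get("credHelpers"):
        findings.append("no credsStore/credHelpers configured in this file")
    return findings

def _inline(user_pass):
    """Build an auths entry the way a helper-less docker login stores it."""
    return {"auth": base64.b64encode(user_pass).decode()}

# Constructed sample configs (user name and password are made up).
HUB = "https://index.docker.io/v1/"
BEFORE = json.dumps({"auths": {HUB: _inline(b"alice:not-a-real-password")}})
# credsStore added, but an old inline entry was never removed with docker logout.
STALE = json.dumps({"auths": {HUB: _inline(b"alice:not-a-real-password")}, "credsStore": "pass"})
AFTER = json.dumps({"auths": {HUB: {}}, "credsStore": "pass"})

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real file, e.g. ~/.docker/config.json
        with open(os.path.expanduser(sys.argv[1])) as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"BEFORE": BEFORE, "STALE": STALE, "AFTER": AFTER}
    for name, text in samples.items():
        results = audit_docker_config(text)
        print(name, "->", results or "OK: no inline credentials")
```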


