You might not be aware of it, but the docker engine stores the credentials you use with docker login in plain text in a file called $HOME/.docker/config.json . Well, granted, it’s not ASCII, it’s base64, which may look like encryption on first glance, but it’s not. Base64 is a scheme for encoding, not encryption. You can simply copy the base64 string and convert it to ASCII in a matter of seconds.

OMG, I’m strongly concerned about the secrecy of my passwords, what should I do?

I’m glad you asked. Thankfully, docker offers credential helpers, which will use your operating system’s native credential store instead of config.json .

Download the archive containing the helper for your operating system from Github and unpack it to /usr/local/bin . Don’t forget to make it executable.

If you are on Linux this should work for you to install verison 0.4.2 of the helper (you will need to be root):

Once that’s done, open ~/.docker/config.json and add a credsStore key to the JSON object’s root. The value will be the name of the credential storage service. This is basically the word after the last hyphen of the executable you just installed. For Linux, the executable is called docker-credential-secretservice , so the service name is secretservice .

If you are on Linux and trust my sed skills you could try and run

sed -i '0,/{/s/{/{

\t"credsStore": "secretservice",/' ~/.docker/config.json

From this point forward, docker will use the external service to store your credentials for docker login <url> . To get rid of the ones that are already in the file, simply docker logout <url> .

Reference

Official Documentation on docker login.