docker-credential-helpers: Docker login command accesses random KeyChain entries and fails

Duplicated from https://github.com/docker/for-mac/issues/1540 Adding here to hopefully get more visibility.

Expected behavior: Running the command docker login -u USER -p PASS HOST:8443 should login to the specified repo.

Unexpected behavior: Running the above command causes docker to ask to access the KeyChain for a randomly chosen entry. If I deny the request, then the command fails with: “error getting credentials - err: exit status 1, out: The user name or passphrase you entered is not correct.” If I allow the request, then the command fails with: “Error saving credentials: error storing credentials - err: exit status 1, out: The specified item already exists in the keychain.”

Could be related to issue #47, but I believe that has already been resolved. I also tried downloading docker-credential-osxkeychain v0.5.0 and replacing /usr/local/bin/docker-credential-osxkeychain with that release and I had the same issue.

About this issue

Original URL
State: open
Created 7 years ago
Comments: 24 (3 by maintainers)

Most upvoted comments

@jeanlaurent I did not, mainly because I wasn’t even aware of docker-credential-osxkeychain before I had this issue 😄 . But correct, I did see the symlink when I reset docker to factory defaults:

$ which docker-credential-osxkeychain
/usr/local/bin/docker-credential-osxkeychain

$ cd /usr/local/bin/
$ ls -la | grep docker-credential-osxkeychain
lrwxr-xr-x    1 localuser  staff      91 Jun  1 09:00 docker-credential-osxkeychain -> /Users/localuser/Library/Group Containers/group.com.docker/bin/docker-credential-osxkeychain

Then if I run:

docker login my.dockerregistery.com:5002

I get the keychain prompting me to use an item that is not my registry. It’s just a random entry, because if I delete this entry, it picks a new one:

screen-shot-2017-06-01-at-9 04

and if I hit “Deny”, I get:

error getting credentials - err: exit status 1, out: 'The user name or passphrase you entered is not correct.'

I tried then downloading the v0.5.0 release and overwriting the symlink in /usr/local/bin/ and I got the same issue I had above.

Finally, if I delete docker-credential-osxkeychain under /usr/local/bin/, I get the normal Docker login and it works:

$ docker login my.dockerregistery.com:5002
Username:
Password:
Login Succeeded

This is on macOS 10.12.5 and Docker 17.03.1-ce-mac12 (17661)

+34

joelika on Jun 1, 2017

rm /usr/local/bin/docker-credential-osxkeychain, and everything get ok.

+29

Danceiny on Dec 15, 2017

It did not work for me.

error getting credentials - err: exec: “docker-credential-osxkeychain”: executable file not found in $PATH, out: ``

+21

sinan-gul on Feb 15, 2018

I found super easy solution. Just disabled “Securely store Docker logins in macOS keychain” from Docker’s GUI preferences menu.

narektutikian on Apr 10, 2019

I had similar problem:

What didn’t work:

Removing file /usr/local/bin/docker-credential-osxkeychain + docker restart
Removing content from $HOME/.docker/config.json + docker restart
System restart
I have tried to open Keychain Access and click the login lock -> I didn’t have permission to do this actions

Working solution:

Open Keychain Access
Left click login
Left click the Passwords tab
Remove records related to docker
Try to login to docker again (image doesn’t show docker records and details to avoid showing personal info 😃

TheGeniesis on Jul 28, 2022

@narek-king thank you, this solution helps me! I’ve disabled this option in GUI preferences and tried docker login - everything is OK.

monstarnn on Apr 11, 2019

I came across this problem on macOS High Sierra 10.13.1 (17B48) and Docker 17.09.0-ce-mac35 (19611)。 I follow instructions from docker/for-mac#2228 and it works for me.

liming-gd on Nov 21, 2017

if your docker version is 18.09.2, you just removing “credsStore”: “osxkeychain” from ~/.docker/config.json instead, https://github.com/docker/for-mac/issues/2295

luvletterldl on May 7, 2019

On Ubuntu 18.10, the binary needs to be deleted for login to work is /usr/bin/docker-credential-secretservice. This may break some functionality however.

ntjn on Feb 7, 2019

Deleting /usr/local/bin/docker-credential-osxkeychain did not work.

I ran brew install docker-credential-helper which installed it correctly. No idea where the original (no longer working) binary came from.

stormbeta on Apr 24, 2018

not work for me; just loop;

1 docker login registry.huilianyi.com username:li… password: Error saving credentials: error storing credentials - err: exit status 1, out: `The user name or passphrase you entered is not correct.`

2 which docker-credential-osxkeychain output: /usr/local/bin/docker-credential-osxkeychain rm /usr/local/bin/docker-credential-osxkeychain

3 go to docker preferences and click Reset to factory defaults. close terminal open new terminal

4 back to 1

QCCS on Aug 6, 2018

Guys, go to docker preferences and click on Restart, once restarted open new terminal and docker login, it resolved to login succeed. If above did not work then go to docker preferences and click Reset to factory defaults.

sntanala on May 10, 2018

deleting the /usr/local/bin/docker-credential-osxkeychain worked for me

Same problem as @bestreaction but after a restart of docker, then it works.

Gustry on Feb 19, 2018

Removing the line "credsStore" : "osxkeychain" resolved for me:

My file ~/.docker/config.json was like below:

{
  "auths" : {

  },
  "HttpHeaders" : {
    "User-Agent" : "Docker-Client/19.03.2 (darwin)"
  },
  "stackOrchestrator" : "swarm",
  "credsStore" : "osxkeychain"
}

I removed the last line ("credsStore" : "osxkeychain") and restarted docker. Then I could login and the file become:

{
        "auths": {
                "https://index.docker.io/v1/": {}
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.2 (darwin)"
        },
        "credsStore": "osxkeychain",
        "stackOrchestrator": "swarm"
}

utelemaco on Nov 2, 2019

i have logout from docker GUI and restart my docker. and then login via GUI with username dont use email to login [FIXED]

astaphobia on Feb 12, 2019