class DockerCredential
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.Pipelines.DockerCredential |
 Java | software.amazon.awscdk.pipelines.DockerCredential |
 Python | aws_cdk.pipelines.DockerCredential |
 TypeScript (source) | @aws-cdk/pipelines » DockerCredential |
Represents credentials used to access a Docker registry.
Example
const dockerHubSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'DHSecret', 'arn:aws:...');
const customRegSecret = secretsmanager.Secret.fromSecretCompleteArn(this, 'CRSecret', 'arn:aws:...');
const repo1 = ecr.Repository.fromRepositoryArn(this, 'Repo', 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo1');
const repo2 = ecr.Repository.fromRepositoryArn(this, 'Repo', 'arn:aws:ecr:eu-west-1:0123456789012:repository/Repo2');
const pipeline = new pipelines.CodePipeline(this, 'Pipeline', {
dockerCredentials: [
pipelines.DockerCredential.dockerHub(dockerHubSecret),
pipelines.DockerCredential.customRegistry('dockerregistry.example.com', customRegSecret),
pipelines.DockerCredential.ecr([repo1, repo2]),
],
synth: new pipelines.ShellStep('Synth', {
input: pipelines.CodePipelineSource.connection('my-org/my-app', 'main', {
connectionArn: 'arn:aws:codestar-connections:us-east-1:222222222222:connection/7d2469ff-514a-4e4f-9003-5ca4a43cdc41', // Created using the AWS console * });',
}),
commands: ['npm ci','npm run build','npx cdk synth'],
}),
});
Initializer
new DockerCredential(usages?: DockerCredentialUsage[])
Parameters
- usages
DockerCredential Usage []
Properties
| Name | Type | Description |
|---|---|---|
| usages? | Docker[] |
usages?
Type:
Docker[]
(optional)
Methods
| Name | Description |
|---|---|
| grant | Grant read-only access to the registry credentials. |
| static custom | Creates a DockerCredential for a registry, based on its domain name (e.g., 'www.example.com'). |
| static docker | Creates a DockerCredential for DockerHub. |
| static ecr(repositories, opts?) | Creates a DockerCredential for one or more ECR repositories. |
grantRead(grantee, usage)
public grantRead(grantee: IGrantable, usage: DockerCredentialUsage): void
Parameters
- grantee
IGrantable - usage
DockerCredential Usage
Grant read-only access to the registry credentials.
This grants read access to any secrets, and pull access to any repositories.
static customRegistry(registryDomain, secret, opts?)
public static customRegistry(registryDomain: string, secret: ISecret, opts?: ExternalDockerCredentialOptions): DockerCredential
Parameters
- registryDomain
string - secret
ISecret - opts
ExternalDocker Credential Options
Returns
Creates a DockerCredential for a registry, based on its domain name (e.g., 'www.example.com').
static dockerHub(secret, opts?)
public static dockerHub(secret: ISecret, opts?: ExternalDockerCredentialOptions): DockerCredential
Parameters
- secret
ISecret - opts
ExternalDocker Credential Options
Returns
Creates a DockerCredential for DockerHub.
Convenience method for customRegistry('https://index.docker.io/v1/', opts).
static ecr(repositories, opts?)
public static ecr(repositories: IRepository[], opts?: EcrDockerCredentialOptions): DockerCredential
Parameters
- repositories
IRepository[] - opts
EcrDocker Credential Options
Returns
Creates a DockerCredential for one or more ECR repositories.
NOTE - All ECR repositories in the same account and region share a domain name (e.g., 0123456789012.dkr.ecr.eu-west-1.amazonaws.com), and can only have one associated set of credentials (and DockerCredential). Attempting to associate one set of credentials with one ECR repo and another with another ECR repo in the same account and region will result in failures when using these credentials in the pipeline.