I’ve started using podman on my new laptop. It has worked well so far, even with the rootless configuration.

However, I’ve never got it to save my credentials to Docker Hub, which has been annoying. I’ve had to do a podman login after every reboot. Not very convenient. The man page gave a way to store the credentials in clear text on disk, but that didn’t feel very nice from a security perspective.

There is a way to use the same credential helper as Docker does though, which stores the credentials using the Secret Service API.

1. Install the credential helper

First we need to install the secretservice credential helper from the Docker credential helper repo.

Check if your distribution provides it in their repos. For Arch Linux, you can find it in the AUR as docker-credential-secretservice.

Otherwise, you can download it from Github: https://github.com/docker/docker-credential-helpers , and follow the instructions in the README.

2. Ensure podman uses the helper

To make podman use the credential helper, create the file ~/.config/containers/auth.json and add the following contents.

{
    "credHelpers": {
        "docker.io": "secretservice"
    }
}

This ensures that podman uses the helper for the docker.io registry, i.e. Docker Hub.

3. Add Docker Hub credentials

Finally we need to add the Docker Hub login credentials.

This is not done by podman login at the moment, so this has to be done as follows. If you try to do it with podman, it will just add the credentials in plaintext to /run/user/XXXX/containers/auth.json, which disappears after reboot.

Replace YOUR_USERNAME with your username, and YOUR_SECRET with either password or preferably with a newly generated access token.

echo '{"ServerURL":"docker.io","Username":"YOUR_USERNAME","Secret":"YOUR_SECRET"}' | docker-credential-secretservice store

4. Enjoy

Now you’re finished, and can perform authenticated podman pull and podman push as expected!