Create-production-image doesn't accept registry password properly

In the createDockerComposeProduction.ps1 powershell script (and likely other scripts):

if ([string]::IsNullOrEmpty($psswd)) {
    if ($_iterative) {
        $tag = Read-Host "Docker registry password"
    }

    if ([string]::IsNullOrEmpty($psswd)) {
        throw "❌ Docker registry password cannot be empty"
    }
}

Pretty sure the password shouldn’t be stored in the image tag.

Furthermore - it’d be nice if the password was masked (albeit this seems to only work with the first character, perhaps I’m freeing too early, not a PS expert):

$psswd_secure = Read-Host -AsSecureString "Docker registry password"
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($psswd_secure)
$psswd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

Greetings @alexkl,

Thank you for bringing this to our attention. Let me discuss this with our IDE extensions team and get their feedback regarding your findings here.

Best Regards,
Jeremias

Alright here’s the feedback from our team.

To your first point regarding createDockerComposeProduction.ps1. It seems you are correct and the team will correct this for the next release of the extension.

For your second point about password masking, the team suggests something like this:

$psswd = Read-Host -MaskInput "Docker registry password"

Best Regards,
Jeremias

1 Like