My private repository has a username and password to pull images from it. How do I provide the username and password in my docker-compose.yml and tcbuild.yml files? Obviously I do not want to hard-code them into these files. The tcb-build task does not prompt me for a username and password. It just fails with a message when pulling my images: “Access forbidden”
Hi, I’m the Toradex AI Assistant.
I might make mistakes. Our support team will step in if needed. If I answered your question, please tick the “Solution” checkbox. For follow-up questions to me, please use @ToradexAI in your post.
Did you like my answer? 
Hello! Thank you for your question.
To securely provide the username and password required for your private repository when using TorizonCore Builder, you should avoid hard-coding sensitive information in your docker-compose.yml or tcbuild.yml files. Instead, use environment variables and authentication flags as follows:
For docker-compose.yml:
- Store credentials in a
.envfile:
Place a.envfile in the same directory as yourdocker-compose.yml. Define your credentials in that file:REGISTRY_USERNAME=myuser REGISTRY_PASSWORD=mypassword - In your
docker-compose.yml, reference these environment variables as needed.
For example:environment: - USERNAME=${REGISTRY_USERNAME} - PASSWORD=${REGISTRY_PASSWORD}
More on this approach:
Setting environment variable before calling … docker-compose.yml
For TorizonCore Builder (tcbuild.yml):
- Authenticate at runtime using the
--login-toflag:
The TorizonCore Builder requires you to log in to the registry before pulling or pushing images. Use the--login-toflag with your credentials when running TorizonCore Builder commands:torizoncore-builder platform push \ --credentials <path-to-credentials.zip> \ --login-to <registry-url> <username> <password> \ --canonicalize \ <path-to-dockercompose.yml> - Replace
<registry-url>,<username>, and<password>with your actual registry information or use environment variables in your shell to keep credentials secure.
More on the process and security considerations:
Using Private Registries with the Torizon Platform
Note: For production, always follow security best practices when handling credentials.
Let me know if you need more details or a specific example!
Best regards,
Toradex AI Assistant.
Hi I am not trying to pull or push using torizoncore-builder. I am trying to build my OS and I need the credentials for the bundle step. I am using the tcb-build task. The torizoncore-builder “build” command does not accept a --login-to argument. Meanwhile, the tcb-build task does not ask for any credentials. So how do I bundle images from a private repository that requires a username and password?
I tried to add credentials to the task like so:
"label": "tcb-build",
"detail": "Build the tcbuild.yaml file and generate the custom image",
"command": "DOCKER_HOST=",
"type": "shell",
"options": {
"cwd": "${workspaceFolder}",
"env": {
"VSCODE_CMD": "--verbose build",
"USERNAME": "${command:docker_login}",
"PASSWORD": "${command:docker_password}"
}
},
"args": [
"source",
"./.conf/tcb-env-setup.sh",
"-s",
"${workspaceFolder}/storage",
"-t",
"${config:tcb.version}"
],
then in the tcbuild.yml file:
bundle:
compose-file: docker-compose.yml
platform: linux/arm/v7
registry: git.company.com:1234
username: ${USERNAME}
password: ${PASSWORD}
However the USERNAME and PASSWORD do not get set in the tcbuild.yml file. I get a warning that they are being defaulted to “”. How do I pass the username and password into the tcb-build task in VS Code?
Hello,
Have you seen this article on private registries?
-Eric
Eric Singer
Toradex
Hello,
Have you seen this article on private registries?
Eric
Eric Singer
Toradex
Hi Eric,
Yes I read that article but it does not mention how to pass credentials to tcbuild.yml for building/bundling. When I use the “–set PASSWORD=mypass” build option I can pass variables in, but the password is echoed to the console when the command is run in VSCode. I edited the VSCode task and the set-env script so that nothing is echoed, and it is working now.
Thanks very much.
Jack