25

First, I installed AWS-CLI and I already used "AWS configure" to set up my secret key and I also used "Docker login" command to log in and I got success and when I typed Get-ECRLoginCommand. It works and returns the result for me.

But when I try to use the command :

(Get-ECRLoginCommand).Password | docker login --username AWS --password-stdin 837859123533.dkr.ecr.ap-east-1.amazonaws.com/spring-boot

I got an error that looks like this:

Error saving credentials: error storing credentials - err: exit status 1, out: error storing credentials - err: exit status 1, out:The stub received bad data.``

sashoalm
  • 75,001
  • 122
  • 434
  • 781
PangSoramDepo
  • 251
  • 1
  • 3
  • 4
  • did you find a way to fix this? I'm having the same issue... – Joelster Jul 01 '20 at 13:58
  • 1
    After a bit more research it seems the issue has something to do with the token size being larger than most credential managers can handle. See this discussion for details and possible workaround: https://github.com/Azure/azure-cli/issues/4843#issuecomment-342712079 – Joelster Jul 01 '20 at 14:51
  • I have added a solution for the above issue: https://stackoverflow.com/a/74342675/9150731 Hope it would help! – Khushal Vyas Nov 07 '22 at 06:27

9 Answers9

39

Edit: Also see Ethan Davis's solution:

I found that removing C:\Program Files\Docker\Docker\resources\bin\docker-credential-desktop.exe and C:\Program Files\Docker\Docker\resources\bin\docker-credential-wincred.exe worked for me. – Ethan Davis Sep 29 '20 at 18:10

Original: The solution linked by Joelster's comment worked for me.

One quick workaround is to modify .docker\config.json file. Remove the following line so docker will use file system to store tokens:

          "credsStore": "wincred"

I opened the file c:\Users\sashoalm\.docker\config.json, and I deleted the "credsStore" key. After that this worked:

type pass.txt | docker login -u AWS --password-stdin https://123123.dkr.ecr.us-west-1.amazonaws.com

And the output was this:

WARNING! Your password will be stored unencrypted in C:\Users\sashoalm\.docker\config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
sashoalm
  • 75,001
  • 122
  • 434
  • 781
  • This did not work for me. Is there any alternative? – Ramineni Ravi Teja Sep 25 '20 at 11:28
  • Not that I know of. If you find any solution, please come back and write it here so other people will know. – sashoalm Sep 26 '20 at 07:33
  • 16
    I found that removing `C:\Program Files\Docker\Docker\resources\bin\docker-credential-desktop.exe` and `C:\Program Files\Docker\Docker\resources\bin\docker-credential-wincred.exe` worked for me. – Ethan Davis Sep 29 '20 at 18:10
  • 3
    The above mentioned solution worked for me too. Thank you so much sashoalm. – Murali Krishna Oct 09 '20 at 11:33
  • 1
    Slick solution and time saving passing this blocking issue, now login credentials are stored in the docker config.json as it should be. Thanks a lot for sharing – Wolfium Nov 25 '20 at 00:11
  • 3
    Worked for me (windows 10 + Docker desktop): renaming all 3 docker-credential-{desktop|ecr-login|wincred}.exe _and_ making config.json a totally empty `{}`. I had done a Docker desktop restart and that had populated config.json with `{"credStore":"desktop","credsStore":"desktop"}` which I removed. – peter_v Dec 09 '20 at 14:49
  • 2
    Thanks. By removing "credsStore": "wincred" from C:\Users\norman\.docker\config.json worked for me!!! – user3761555 Jun 10 '21 at 03:47
  • 1
    Thanks for this sashoalm, you put me on to the right path. I was using Docker (WSL2 falvour) and WSL2 Ubuntu, so I ended up removing this config file from inside the WSL2 docker container which was ~/.docker/config.json (I actually wasn't that brave, and just renamed it .bak!) – Baza86 Sep 09 '21 at 22:43
  • In my case it simply worked to remove `"credsStore": "desktop.exe"` from my `~/.docker/config.json` file – Takeshi Gitano Apr 28 '23 at 15:10
14

As of today's date, this issue still persists. Below are the things I discovered-

1.) This problem shows up while using SSOs for authentication. I am using Azure SSO for AWS.(https://www.npmjs.com/package/aws-azure-login)

2.) The reason is- The token returned from SSOs is long enough(more than 2550 characters) where as windows credential manager does not support such long tokens.

3.) If you use ECR credential helper (https://github.com/awslabs/amazon-ecr-credential-helper), sadly it also does not seem to work with SSOs- https://github.com/awslabs/amazon-ecr-credential-helper/issues/229

However, I followed these steps as a workaround & I'm on Windows-

1.) Remove/Rename the "docker-credential-wincred.exe" file located in "C:\Program Files\Docker\Docker\resources\bin" directory.

2.) Remove the "credStore" & "credsStore" keys from the docker config(C:\Users\PROFILE_NAME\.docker\config.json).

I get the following response-

WARNING! Your password will be stored unencrypted in C:\Users\sandeep.kumar\.docker\config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
  • Tickets opened to address this issue-

https://github.com/danieljoos/wincred/issues/18

https://github.com/aws/aws-cli/issues/5636

Sandeep
  • 145
  • 1
  • 4
3

As @Ethan Davis mentioned, removing the following files helped me:

  • C:\Program Files\Docker\Docker\resources\bin\docker-credential-desktop.exe
  • C:\Program Files\Docker\Docker\resources\bin\docker-credential-wincred.exe
Rene B.
  • 6,557
  • 7
  • 46
  • 72
  • 1
    But now I face this issue: Error saving credentials: error storing credentials - err: exit status 1, out: `error getting credentials - err: docker-credential-wincred.exe resolves to executable in current directory (.\docker-credential-wincred.exe), out: ``` – Kasir Barati Feb 02 '23 at 10:16
3

from another thread - Docker Login failure on Mac OS X solution helps on Mac-os : mv ~/.docker ~/.docker.bak

OcMaRUS
  • 329
  • 3
  • 13
2

Both solutions worked for me, delete file C: \ Program Files \ Docker \ Docker \ resources \ bin \ docker-credential-desktop.exe and C: \ Program Files \ Docker \ Docker \ resources \ bin \ docker-credential-wincred. exe and delete {"credsStore": "...."} then my structure is as follows in the config.json file

{
  "auths": {
     "Account_AWS.dkr.ecr.Region_AWS.amazonaws.com": {
         "auth": "My token"
     }
  },
  "HttpHeaders": {
    "User-Agent": "Docker-Client / 19.03.13 (windows)"
  },
  "stackOrchestrator": "swarm"
}
sashoalm
  • 75,001
  • 122
  • 434
  • 781
JuanSe Silva
  • 31
  • 1
  • Deleting the credential helper is a really bad idea - this will create problems further down the line. – Lars Dec 04 '20 at 14:51
2

Fixed by just deleted "credsStore": "desktop" in config.json file.

Seba
  • 59
  • 1
  • 6
1

Nothing worked for me, so I installed the Amazon ECR Docker Credential Helper, so you do not need to docker login at all.

choco install amazon-ecr-credential-helper

Place the docker-credential-ecr-login binary on your PATH and set the contents of your ~/.docker/config.json file to be:

{
    "credsStore": "ecr-login"
}

Official Repo: https://github.com/awslabs/amazon-ecr-credential-helper

Edit: In Windows you can download the amazon-ecr-credential-helper from here https://github.com/awslabs/amazon-ecr-credential-helper/releases and install it as described here: https://pulseadvancedmedia.co.uk/aws/setting-up-aws-ecr-credential-helper-in-windows/

Rene B.
  • 6,557
  • 7
  • 46
  • 72
HeikoG
  • 861
  • 10
  • 11
  • I am using this in git bash on windows. – HeikoG Dec 04 '20 at 10:30
  • You can install amazon-ecr-credential-helper as described here: https://pulseadvancedmedia.co.uk/aws/setting-up-aws-ecr-credential-helper-in-windows/ – Rene B. Feb 02 '23 at 11:10
1

With the most recent version of Docker amazon-ecr-credential-helper is installed alongside it.

So you only need to activate it by modifying your config.json file, found in %userprofile%/.docker/config.json or ~/.docker/config.json.

Set the contents of your config.json to be:

{
    "credsStore": "ecr-login"
}

Alternatively you can also set the contents to:

{
  "auths": {
    "XXXXXXXXXXXX.dkr.ecr.ap-east-1.amazonaws.com": {
      "auth": ""
    }
  }
}

(Where XXXXXXXXXXXX is the AWS Account number, ap-east-1 is the region of choice, and auth is left blank).

Now if you repeat the docker login --username AWS XXXXXXXXXXXX.dkr.ecr.ap-east-1.amazonaws.com then it will succeed this time.

The full instructions can be found on Amazon's amazon-ecr-credential-helper page.

steve
  • 11
  • 3
1

August 2023

I've also face similar error and following all helps from this page. I'm using windows 10.

I've tried removing and/or changing the name of this file(s) from this dir C:\Program Files\Docker\Docker\resources\bin:
  • docker-credential-desktop.exe
  • docker-credential-ecr-login.exe
  • docker-credential-wincred.exe
I've also tried to delete the credStore and credStore from C:\Users\XXXX\.docker

Deleting the 3 files above works but in my case everytime I open Docker it prompts that my wincred is missing and my Dockerhub is not connected.

My workaround is I'm just deleting the config.json file from C:\Users\XXXX\.docker without changing or deleting the 3 files above. That prevents the Dockerhub to disconnect and still be able to save AWS Configuration

Michael Halim
  • 262
  • 2
  • 20