Bitbucket Pipelines: pulling an image from GCR with environment variables fails

Question

So I'm trying to use an image from my Google Container Registry, since this is a private registry I need to authenticate.

Obviously I don't want to renew my auth token every hour to make my pipelines work, so I need to go for the json key file.

It works when I define the image as follows:

image:
   name: eu.gcr.io/project_id/image:latest
   username: _json_key
   password: >
      {JSON file content}
   email: pipelines@bitbucket.com

But that means your json key file is out in the open available for everyone with access to the pipelines fine to see, not what I'd like.

Then I've put the contents of the JSON file into an Environment Variable and replaced the actual json with the environment variable as follows:

image:
   name: eu.gcr.io/project_id/image:latest
   username: _json_key
   password: >
      ${JSON_KEY}
   email: pipelines@bitbucket.com

Somehow in the second scenario it doesn't work :(

I've also placed it here: https://bitbucket.org/site/master/issues/13869/problem-with-environment-variables-while — TheWolfNL, Feb 20 '17 at 09:39
How did you manage to set the env var? As the JSON key I have from GCP contains newlines - do I just remove these? — Chris Stryczynski, Nov 06 '17 at 11:38
If I remember correctly, bitbucket will automatically remove those, so you should be able to just copy paste into the ENV variable in bitbucket's pipeline config. (repo -> settings -> under header "pipelines" - Environment variables) — TheWolfNL, Nov 06 '17 at 12:25

score 10 · Accepted Answer · edited Nov 07 '17 at 11:30

10

After some more testing, I found that this worked:

image:
   name: eu.gcr.io/project_id/image:latest
   username: _json_key
   password: '$JSON_KEY'

edited Nov 07 '17 at 11:30

Chris Stryczynski

answered Feb 23 '17 at 15:56

TheWolfNL

1 Answers1