ssh_auth_podman_push_lib/lib.rs
1// ssh_auth_podman_push/src/lib.rs
2
3// region: auto_md_to_doc_comments include README.md A //!
4//! # ssh_auth_podman_push
5//!
6//! **Store and use encrypted docker-hub secret_token with SSH key**
7//! ***version: 1.1.13 date: 2026-03-06 author: [bestia.dev](https://bestia.dev) repository: [codeberg.org](https://codeberg.org/CRUSTDE-ContainerizedRustDevEnv/ssh_auth_podman_push)***
8//!
9//! 
10//! 
11//! 
12//!
13//! [](https://codeberg.org/CRUSTDE-ContainerizedRustDevEnv/ssh_auth_podman_push/src/main/LICENSE)
14//! [](https://crates.io/crates/ssh_auth_podman_push)
15//! [](https://docs.rs/ssh_auth_podman_push/)
16//! [](https://codeberg.org/CRUSTDE-ContainerizedRustDevEnv/ssh_auth_podman_push)
17//! [](https://bestia.dev/docs/CRUSTDE-ContainerizedRustDevEnv/ssh_auth_podman_push)
18//! 
19//!
20//! 
21//! 
22//! 
23//! 
24//! 
25//!
26//! Hashtags: #maintained #ready-for-use #rustlang #automation #workflow
27//! My projects on GitHub are more like a tutorial than a finished product: [bestia-dev tutorials](https://codeberg.org/bestia-dev/tutorials_rust_wasm).
28//! I recommend using the [CRUSTDE - Containerized Rust Development Environment](https://codeberg.org/CRUSTDE-ContainerizedRustDevEnv/crustde_cnt_img_pod) to write Rust projects on Linux, isolated from your system.
29//!
30//! ## Motivation
31//!
32//! To access docker-hub you need a username+password or an access secret_token.
33//! IMPORTANT: Treat access secret_tokens like your password and keep them secret. Store your secret_tokens securely in a credential manager for example.
34//! Access secret_tokens are impossible to remember for an average human. We need to store them somewhere.
35//! FYI: Podman is an alternative "drop-in replacement" for Docker.
36//! I am sure they both store the docker-hub secret_token for login with the command:
37//!
38//! ```bash
39//! podman login --username user_name docker.io
40//! docker login --username user_name docker.io
41//! ```
42//!
43//! WARNING: Be aware that they store the secret_token in "plain-text" in the file: `${XDG_RUNTIME_DIR}/containers/auth.json`.
44//! Ok, it is not really plain-text, but base64 encoding is not a security feature.
45//! This means that every attacker that can get to this well-known file, can log in to our Docker Hub account. No bueno!!!
46//!
47//! I want to secure this secret_token with encryption with an SSH key.
48//! We have already a lot of experience creating, managing and securing our SSH keys. The private key is secured by a passphrase we can remember and type. Every use of the secret_token will need user interaction to type the passphrase. Very secure.
49//!
50//! If we are very self-confident in our current session, we can store the SSH key in ssh-agent and write our passphrase only once.
51//! WARNING: a dedicated attacker could read from ssh-agent and discover the access secret_token without our user interaction. Use this at your discretion.
52//!
53//! ## Replacement command
54//!
55//! Put the executable `ssh_auth_podman_push` into the folder you intend to use it.
56//! After copying, make it executable with `chmod +x ssh_auth_podman_push`.
57//! Instead of `podman push...` use `ssh_auth_podman_push`.
58//! If it finds the encrypted secret_token it will ask you for the passphrase to the private SSH key.
59//! Else it will ask you to store the encrypted secret_token with the SSH prvate key. It will be secured behind a passphrase as SSH keys do.
60//!
61//! ## Development details
62//!
63//! Read the development details in a separate md file:
64//! [DEVELOPMENT.md](DEVELOPMENT.md)
65//!
66//! ## Releases changelog
67//!
68//! Read the releases changelog in a separate md file:
69//! [RELEASES.md](RELEASES.md)
70//!
71//! ## TODO
72//!
73//! And code happily ever after...
74//!
75//! ## Open-source and free as a beer
76//!
77//! My open-source projects are free as a beer (MIT license).
78//! I just love programming.
79//! But I need also to drink. If you find my projects and tutorials helpful, please buy me a beer by donating to my [PayPal](https://paypal.me/LucianoBestia).
80//! You know the price of a beer in your local bar ;-)
81//! So I can drink a free beer for your health :-)
82//! [Na zdravje!](https://translate.google.com/?hl=en&sl=sl&tl=en&text=Na%20zdravje&op=translate) [Alla salute!](https://dictionary.cambridge.org/dictionary/italian-english/alla-salute) [Prost!](https://dictionary.cambridge.org/dictionary/german-english/prost) [Nazdravlje!](https://matadornetwork.com/nights/how-to-say-cheers-in-50-languages/) 🍻
83//!
84//! [//bestia.dev](https://bestia.dev)
85//! [//github.com/bestia-dev](https://github.com/bestia-dev)
86//! [//bestiadev.substack.com](https://bestiadev.substack.com)
87//! [//youtube.com/@bestia-dev-tutorials](https://youtube.com/@bestia-dev-tutorials)
88//!
89// endregion: auto_md_to_doc_comments include README.md A //!
90
91// access to modules
92mod encrypt_decrypt_with_ssh_key_mod;
93mod error_mod;
94
95use crate::encrypt_decrypt_with_ssh_key_mod as ende;
96
97// `pub use` allows the caller of the lib to access modules functions, structs or all(*)
98pub use ende::docker_io_api_token_mod::docker_io_config_initialize;
99pub use ende::docker_io_api_token_mod::push_to_docker_hub;
100
101// // https://github.com/shiena/ansicolor/blob/master/README.md
102
103/// ANSI color
104#[allow(dead_code)]
105pub const RED: &str = "\x1b[31m";
106/// ANSI color
107#[allow(dead_code)]
108pub const YELLOW: &str = "\x1b[33m";
109/// ANSI color
110#[allow(dead_code)]
111pub const GREEN: &str = "\x1b[32m";
112/// ANSI color
113#[allow(dead_code)]
114pub const RESET: &str = "\x1b[0m";
115/// ANSI color
116#[allow(dead_code)]
117pub const BLUE: &str = "\x1b[34m";