As the source for install or upgrade can be an OCI image and sometimes those are behind a private container registry, Kairos implements the default basic authentication used by docker for private registries. To install/upgrade with a container image behind a registry with authentication, Kairos reads the following files in order to find about registry auth: ${XDG_CONFIG_HOME}/.docker/config.json If set, DOCKER_CONFIG environment variable which points to a directory as per the docs.
