This post will describe how to setup a docker registry using distribution/distribution to allow for “passwordless” authentication. Now of course, this is not actually passwordless, there’s still a password. But we can (ab)use the fact that both GitLab CI and GitHub Actions give you a JWT signed by the platform, valid for the duration of the run. Setup # Preparing authentik # Setting up federation - GitHub # Create an OpenID Connect Source and set the JWKS URL to https://token.
