oras-project · Wwwsylvia · Sep 25, 2023 · Sep 22, 2023 · Sep 22, 2023 · Sep 22, 2023
@@ -1,7 +1,5 @@
 # Credential Management for [oras-go](https://github.com/oras-project/oras-go)
 
-> **Warning** This project is currently under initial development. APIs may and will be changed incompatibly from one commit to another.
-
 [![Build Status](https://github.com/oras-project/oras-credentials-go/actions/workflows/build.yml/badge.svg?event=push&branch=main)](https://github.com/oras-project/oras-credentials-go/actions/workflows/build.yml?query=workflow%3Abuild+event%3Apush+branch%3Amain)
 [![codecov](https://codecov.io/gh/oras-project/oras-credentials-go/branch/main/graph/badge.svg)](https://codecov.io/gh/oras-project/oras-credentials-go)
 [![Go Report Card](https://goreportcard.com/badge/github.com/oras-project/oras-credentials-go)](https://goreportcard.com/report/github.com/oras-project/oras-credentials-go)
@@ -13,7 +11,10 @@
 
 `oras-credentials-go` is a credential management library designed for [`oras-go`](https://github.com/oras-project/oras-go). It supports reading, saving, and removing credentials from Docker configuration files and external credential stores that follow the [Docker credential helper protocol](https://docs.docker.com/engine/reference/commandline/login/#credential-helper-protocol).
 
-Once it reaches a fairly stable version (e.g. `v1.0.0-rc.1`), `oras-credentials-go` will be merged into `oras-go` (See [discussion](https://github.com/oras-project/oras-credentials-go/discussions/80)). After that, this repository will be archived.
+> [!IMPORTANT]
+> The APIs previously located in this library have been moved to [`oras-go`](https://github.com/oras-project/oras-go). As a result, these APIs are now deprecated and users should use the packages in `oras-go` instead.
+>
+> This repository will now be used for developing experimental features scoped to credentials management. If any of these features are deemed stable and applicable to `oras-go`, they may be moved there in the future.
 
 ## Versioning
 

@@ -29,6 +29,9 @@ import (
 // to keep the credentials in plain-text.
 //
 // Reference: https://docs.docker.com/engine/reference/commandline/cli/#docker-cli-configuration-file-configjson-properties
+//
+// Deprecated: This type is deprecated.
+// The same functionality is now provided by oras-go.
 type FileStore struct {
 	// DisablePut disables putting credentials in plaintext.
 	// If DisablePut is set to true, Put() will return ErrPlaintextPutDisabled.
@@ -40,15 +43,24 @@ type FileStore struct {
 var (
 	// ErrPlaintextPutDisabled is returned by Put() when DisablePut is set
 	// to true.
+	//
+	// Deprecated: This type is deprecated.
+	// The same functionality is now provided by oras-go.
 	ErrPlaintextPutDisabled = errors.New("putting plaintext credentials is disabled")
 	// ErrBadCredentialFormat is returned by Put() when the credential format
 	// is bad.
+	//
+	// Deprecated: This type is deprecated.
+	// The same functionality is now provided by oras-go.
 	ErrBadCredentialFormat = errors.New("bad credential format")
 )
 
 // NewFileStore creates a new file credentials store.
 //
 // Reference: https://docs.docker.com/engine/reference/commandline/cli/#docker-cli-configuration-file-configjson-properties
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func NewFileStore(configPath string) (*FileStore, error) {
 	cfg, err := config.Load(configPath)
 	if err != nil {
@@ -63,12 +75,18 @@ func newFileStore(cfg *config.Config) *FileStore {
 }
 
 // Get retrieves credentials from the store for the given server address.
+//
+// Deprecated: This method is deprecated.
+// The same functionality is now provided by oras-go.
 func (fs *FileStore) Get(_ context.Context, serverAddress string) (auth.Credential, error) {
 	return fs.config.GetCredential(serverAddress)
 }
 
 // Put saves credentials into the store for the given server address.
 // Returns ErrPlaintextPutDisabled if fs.DisablePut is set to true.
+//
+// Deprecated: This method is deprecated.
+// The same functionality is now provided by oras-go.
 func (fs *FileStore) Put(_ context.Context, serverAddress string, cred auth.Credential) error {
 	if fs.DisablePut {
 		return ErrPlaintextPutDisabled
@@ -81,6 +99,9 @@ func (fs *FileStore) Put(_ context.Context, serverAddress string, cred auth.Cred
 }
 
 // Delete removes credentials from the store for the given server address.
+//
+// Deprecated: This method is deprecated.
+// The same functionality is now provided by oras-go.
 func (fs *FileStore) Delete(_ context.Context, serverAddress string) error {
 	return fs.config.DeleteCredential(serverAddress)
 }

@@ -23,16 +23,25 @@ import (
 )
 
 // MemoryStore is a store that keeps credentials in memory.
+//
+// Deprecated: This type is deprecated.
+// The same functionality is now provided by oras-go.
 type MemoryStore struct {
 	store sync.Map
 }
 
 // NewMemoryStore creates a new in-memory credentials store.
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func NewMemoryStore() *MemoryStore {
 	return &MemoryStore{}
 }
 
 // Get retrieves credentials from the store for the given server address.
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func (ms *MemoryStore) Get(_ context.Context, serverAddress string) (auth.Credential, error) {
 	cred, found := ms.store.Load(serverAddress)
 	if !found {
@@ -42,12 +51,18 @@ func (ms *MemoryStore) Get(_ context.Context, serverAddress string) (auth.Creden
 }
 
 // Put saves credentials into the store for the given server address.
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func (ms *MemoryStore) Put(_ context.Context, serverAddress string, cred auth.Credential) error {
 	ms.store.Store(serverAddress, cred)
 	return nil
 }
 
 // Delete removes credentials from the store for the given server address.
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func (ms *MemoryStore) Delete(_ context.Context, serverAddress string) error {
 	ms.store.Delete(serverAddress)
 	return nil

@@ -57,6 +57,9 @@ type nativeStore struct {
 //
 // Reference:
 //   - https://docs.docker.com/engine/reference/commandline/login#credentials-store
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func NewNativeStore(helperSuffix string) Store {
 	return &nativeStore{
 		exec: executer.New(remoteCredentialsPrefix + helperSuffix),
@@ -72,6 +75,9 @@ func NewNativeStore(helperSuffix string) Store {
 //
 // Reference:
 //   - https://docs.docker.com/engine/reference/commandline/login/#credentials-store
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func NewDefaultNativeStore() (Store, bool) {
 	if helper := getDefaultHelperSuffix(); helper != "" {
 		return NewNativeStore(helper), true

@@ -26,12 +26,18 @@ import (
 
 // ErrClientTypeUnsupported is thrown by Login() when the registry's client type
 // is not supported.
+//
+// Deprecated: This type is deprecated.
+// The same functionality is now provided by oras-go.
 var ErrClientTypeUnsupported = errors.New("client type not supported")
 
 // Login provides the login functionality with the given credentials. The target
 // registry's client should be nil or of type *auth.Client. Login uses
 // a client local to the function and will not modify the original client of
 // the registry.
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func Login(ctx context.Context, store Store, reg *remote.Registry, cred auth.Credential) error {
 	// create a clone of the original registry for login purpose
 	regClone := *reg
@@ -60,6 +66,9 @@ func Login(ctx context.Context, store Store, reg *remote.Registry, cred auth.Cre
 }
 
 // Logout provides the logout functionality given the registry name.
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func Logout(ctx context.Context, store Store, registryName string) error {
 	registryName = ServerAddressFromRegistry(registryName)
 	if err := store.Delete(ctx, registryName); err != nil {
@@ -69,6 +78,9 @@ func Logout(ctx context.Context, store Store, registryName string) error {
 }
 
 // Credential returns a Credential() function that can be used by auth.Client.
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func Credential(store Store) func(context.Context, string) (auth.Credential, error) {
 	return func(ctx context.Context, reg string) (auth.Credential, error) {
 		reg = ServerAddressFromHostname(reg)
@@ -83,6 +95,9 @@ func Credential(store Store) func(context.Context, string) (auth.Credential, err
 // a key for credentials store. The Docker CLI expects that the credentials of
 // the registry 'docker.io' will be added under the key "https://index.docker.io/v1/".
 // See: https://github.com/moby/moby/blob/v24.0.2/registry/config.go#L25-L48
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func ServerAddressFromRegistry(registry string) string {
 	if registry == "docker.io" {
 		return "https://index.docker.io/v1/"
@@ -94,6 +109,9 @@ func ServerAddressFromRegistry(registry string) string {
 // a key for credentials store. It is expected that the traffic targetting the
 // host "registry-1.docker.io" will be redirected to "https://index.docker.io/v1/".
 // See: https://github.com/moby/moby/blob/v24.0.2/registry/config.go#L25-L48
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func ServerAddressFromHostname(hostname string) string {
 	if hostname == "registry-1.docker.io" {
 		return "https://index.docker.io/v1/"

@@ -13,6 +13,10 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Deprecated: This package is deprecated.
+// The same functionality is now provided by [oras-go].
+//
+// [oras-go]: https://pkg.go.dev/oras.land/oras-go/v2/registry/remote/credentials
 package credentials
 
 import (
@@ -33,6 +37,9 @@ const (
 )
 
 // Store is the interface that any credentials store must implement.
+//
+// Deprecated: This type is deprecated.
+// The same functionality is now provided by oras-go.
 type Store interface {
 	// Get retrieves credentials from the store for the given server address.
 	Get(ctx context.Context, serverAddress string) (auth.Credential, error)
@@ -44,6 +51,9 @@ type Store interface {
 
 // DynamicStore dynamically determines which store to use based on the settings
 // in the config file.
+//
+// Deprecated: This type is deprecated.
+// The same functionality is now provided by oras-go.
 type DynamicStore struct {
 	config             *config.Config
 	options            StoreOptions
@@ -52,6 +62,9 @@ type DynamicStore struct {
 }
 
 // StoreOptions provides options for NewStore.
+//
+// Deprecated: This type is deprecated.
+// The same functionality is now provided by oras-go.
 type StoreOptions struct {
 	// AllowPlaintextPut allows saving credentials in plaintext in the config
 	// file.
@@ -89,6 +102,9 @@ type StoreOptions struct {
 // References:
 //   - https://docs.docker.com/engine/reference/commandline/login/#credentials-store
 //   - https://docs.docker.com/engine/reference/commandline/cli/#docker-cli-configuration-file-configjson-properties
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func NewStore(configPath string, opts StoreOptions) (*DynamicStore, error) {
 	cfg, err := config.Load(configPath)
 	if err != nil {
@@ -115,6 +131,9 @@ func NewStore(configPath string, opts StoreOptions) (*DynamicStore, error) {
 // References:
 //   - https://docs.docker.com/engine/reference/commandline/cli/#configuration-files
 //   - https://docs.docker.com/engine/reference/commandline/cli/#change-the-docker-directory
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func NewStoreFromDocker(opt StoreOptions) (*DynamicStore, error) {
 	configPath, err := getDockerConfigPath()
 	if err != nil {
@@ -124,13 +143,19 @@ func NewStoreFromDocker(opt StoreOptions) (*DynamicStore, error) {
 }
 
 // Get retrieves credentials from the store for the given server address.
+//
+// Deprecated: This method is deprecated.
+// The same functionality is now provided by oras-go.
 func (ds *DynamicStore) Get(ctx context.Context, serverAddress string) (auth.Credential, error) {
 	return ds.getStore(serverAddress).Get(ctx, serverAddress)
 }
 
 // Put saves credentials into the store for the given server address.
 // Put returns ErrPlaintextPutDisabled if native store is not available and
 // [StoreOptions].AllowPlaintextPut is set to false.
+//
+// Deprecated: This method is deprecated.
+// The same functionality is now provided by oras-go.
 func (ds *DynamicStore) Put(ctx context.Context, serverAddress string, cred auth.Credential) (returnErr error) {
 	if err := ds.getStore(serverAddress).Put(ctx, serverAddress, cred); err != nil {
 		return err
@@ -147,6 +172,9 @@ func (ds *DynamicStore) Put(ctx context.Context, serverAddress string, cred auth
 }
 
 // Delete removes credentials from the store for the given server address.
+//
+// Deprecated: This method is deprecated.
+// The same functionality is now provided by oras-go.
 func (ds *DynamicStore) Delete(ctx context.Context, serverAddress string) error {
 	return ds.getStore(serverAddress).Delete(ctx, serverAddress)
 }
@@ -158,6 +186,9 @@ func (ds *DynamicStore) Delete(ctx context.Context, serverAddress string) error
 //   - The "credsStore" field is not empty
 //   - Or the "credHelpers" field is not empty
 //   - Or there is any entry in the "auths" field
+//
+// Deprecated: This method is deprecated.
+// The same functionality is now provided by oras-go.
 func (ds *DynamicStore) IsAuthConfigured() bool {
 	return ds.config.IsAuthConfigured()
 }
@@ -214,6 +245,9 @@ type storeWithFallbacks struct {
 //     credentials in any of the stores.
 //   - Put() saves the credentials into the primary store.
 //   - Delete() deletes the credentials from the primary store.
+//
+// Deprecated: This function is deprecated.
+// The same functionality is now provided by oras-go.
 func NewStoreWithFallbacks(primary Store, fallbacks ...Store) Store {
 	if len(fallbacks) == 0 {
 		return primary

@@ -13,6 +13,10 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+// Deprecated: This package is deprecated.
+// The same functionality is now provided by [oras-go].
+//
+// [oras-go]: https://pkg.go.dev/oras.land/oras-go/v2/registry/remote/credentials/trace
 package trace
 
 import (
@@ -25,6 +29,9 @@ type executableTraceContextKey struct{}
 
 // ExecutableTrace is a set of hooks used to trace the execution of binary
 // executables. Any particular hook may be nil.
+//
+// Deprecated: This type is deprecated.
+// The same functionality is now provided by oras-go.
 type ExecutableTrace struct {
 	// ExecuteStart is called before the execution of the executable. The
 	// executableName parameter is the name of the credential helper executable
@@ -48,6 +55,9 @@ type ExecutableTrace struct {
 
 // ContextExecutableTrace returns the ExecutableTrace associated with the
 // context. If none, it returns nil.
+//
+// Deprecated: This type is deprecated.
+// The same functionality is now provided by oras-go.
 func ContextExecutableTrace(ctx context.Context) *ExecutableTrace {
 	trace, _ := ctx.Value(executableTraceContextKey{}).(*ExecutableTrace)
 	return trace
@@ -57,6 +67,9 @@ func ContextExecutableTrace(ctx context.Context) *ExecutableTrace {
 // Context with the ExecutableTrace added as a Value. If the Context has a
 // previously added trace, the hooks defined in the new trace will be added
 // in addition to the previous ones. The recent hooks will be called first.
+//
+// Deprecated: This type is deprecated.
+// The same functionality is now provided by oras-go.
 func WithExecutableTrace(ctx context.Context, trace *ExecutableTrace) context.Context {
 	if trace == nil {
 		return ctx