How to log into an Azure Container Registry using Podman CLI

Introduction

After replacing my resource-heavy Docker Desktop setup with Podman, I encountered the following issue when logging into an Azure Container Registry using my Azure Entra ID.

$ az login
$ az acr login --name crfoobar
2023-11-21 06:34:31.990676 An error occurred: DOCKER_COMMAND_ERROR
Please verify if Docker client is installed and running.

When logging into an ACR with az acr login, the Azure CLI reuses the token fetched by the previous az login command and sets it in the docker.config file.

The Docker CLI and Docker daemon must be installed and running for this to work. Simply creating an alias from docker to podman is not enough here!

Set-Alias -Name docker -Value podman

Solution

The trick is to expose the fetched access token, store it, and pass it to the Podman CLI with a dummy user ID. Here is how:

$token = az acr login --name crfoobar --expose-token --output tsv --query accessToken
$user = "00000000-0000-0000-0000-000000000000"

podman login crfoobar.azurecr.io -u $user -p $token

Since the token expires every 3 hours, I suggest adding this as a script to your $profile like so:

# ... 

Function Login-Podman {
  [CmdletBinding()]
  Param (
    [string]$registry = "crfoobar",
    [string]$subscription = "MYSUBSCRIPTION"
  )

  ($token = az acr login --name $registry --expose-token --output tsv --query accessToken --subscription $subscription) *>$Null 
  $user = "00000000-0000-0000-0000-000000000000"

  podman login "${registry}.azurecr.io" -u $user -p $token
}

$profile

After reloading your profile, you can issue Login-Podman , and you're done! 💪🏽

Thanks for reading! Happy hacking 🤓

Further reading

Registry authentication options - Azure Container Registry
Authentication options for a private Azure container registry, including signing in with a Microsoft Entra identity, using service principals, and using optional admin credentials.
Getting Started with Podman | Podman
Podman logoPodman logo