How to list images in harbor in terminal
search cancel

How to list images in harbor in terminal

book

Article ID: 388936

calendar_today

Updated On:

Products

VMware Tanzu Application Catalog

Issue/Introduction

Harbor provides a web console which is user-friendly and intuitive, users may still want to operate in terminal, which offers power and flexibility that can be indispensable for certain tasks and users. For example, the terminal allows for the automation of repetitive tasks through scripting. You can write scripts to perform complex operations on images stored in Harbor, reducing manual effort and errors.

Resolution

There are two methods listed below. The first one is recommended as there are security risks when the second method is picked up.

1.) Harbor CLI

It is a powerful command-line tool, facilitating seamless interaction with the Harbor container registry. It simplifies various tasks such as creating, updating, and managing projects, registries, and other resources in Harbor.

For example, we can list all projects in this Harbor.

More information about Harbor-CLI can be found at the link below.
2.) Harbor REST API 
 
The Harbor REST API is a set of programmatic interfaces provided by Harbor, an open-source container image registry. It allows users to interact with Harbor programmatically for tasks like managing projects, repositories, users, and more. 
 
We can view and test the Harbor REST API in the terminal with the curl command. A complete reference can be found by using the IP address of your Harbor instance, https://<harbor_ip>/devcenter. 
For detailed information about Harbor REST API, please refer to this link, https://goharbor.io/docs/2.12.0/working-with-projects/using-api-explorer/#access-harbor-rest-api-directly
 
Here is an example.
 
 
Please be noted that the username/password are clear text, which can expose you to the following several security risks:

1. Command History: If you run the command in a terminal, the username and password will be stored in the command history. Anyone with access to your terminal can retrieve these credentials.

2. Process List: While the command is running, the username and password can be visible in the process list. This means that anyone who can view the process list on your system can see your credentials.

3. Logs: If the command is logged by any logging mechanism, the credentials will be stored in the logs, which can be accessed by unauthorized users.

4. Network Traffic: If you are not using HTTPS, the credentials will be sent over the network in plain text, making them susceptible to interception by attackers.

To mitigate these risks, you can use more secure methods such as:

  • Using the `--netrc-file` option to store credentials in a separate file.
  • Using environment variables to pass credentials.
For example, we can reserve credential in a file.

And sensitive information in Curl command is hidden.

Powered by Wolken Software