Per #207, there is a more general issue that the cred helper binaries are not installed in either of the manifest-tool container images. This issue will be used to discuss and work on adding the cred helpers to either an existing image or a new image (TBD, thoughts?)

In the interim, or at least until the next release, we can at least provide a contributed Dockerfile that builds a downstream image that supports cred helpers with instructions.

Instead of adding them add tools to the docker image, wouldn't it be possible to import most of them directly? Most helpers are written in go. See the way kaniko does it for example.

That was my point in 207, kaniko implements the cred helpers using go modules so they become part of the binary and it would be awesome if manifest-tool does the same.

To be fair, they also distribute the cred helpers alongside the kaniko executor binary in some images but there is no need for that.

It would be great if cred helpers could be added to the base image.

I opened #230 to add the binary cred helpers to the alpine image. Need to add some instructions on how to use them with the image. Any feedback if users will want them in the static image as well? My initial idea was to keep that image as small as possible, but I know it is the default when using the mplatform/manifest-tool reference, so may be annoying to have to switch image tags to get the cred helpers.

For now, as of v2.1.3 today, the mplatform/manifest-tool:alpine container has all 3 binary credential helpers (ECR, ACR, GCR) for all the supported platforms installed. Happy to discuss if they should be in the other image, but for now I'm going to close this as completed.