feat: Add support for Private docker registries (#16837)

bbernays · web-flow · commit 25d26893f75c · 2024-02-26T14:51:50.000Z
#### Summary - [x] Depends on cloudquery/plugin-pb-go#248 I have verified that this functionality works with AWS ECR and with private Github container registry (ghcr.io) by clearing all local images from docker then running `go run main.go install src.yml` where the source was like this: ``` kind: source spec: name: "typeform" registry: "docker" # docker_registry_auth_token: ${DOCKER_AUTH} # path: "012345678910.dkr.ecr.us-east-2.amazonaws.com/bernays:typeform" path: "ghcr.io/bbernays/typeform:v1.3.0" ```
diff --git a/cli/cmd/install.go b/cli/cmd/install.go
@@ -77,21 +77,23 @@ func installPlugin(cmd *cobra.Command, args []string) error {
 	sourceRegInferred := make([]bool, len(sources))
 	for i, source := range sources {
 		sourcePluginConfigs[i] = managedplugin.Config{
-			Name:     source.Name,
-			Version:  source.Version,
-			Path:     source.Path,
-			Registry: SpecRegistryToPlugin(source.Registry),
+			Name:       source.Name,
+			Version:    source.Version,
+			Path:       source.Path,
+			Registry:   SpecRegistryToPlugin(source.Registry),
+			DockerAuth: source.DockerRegistryAuthToken,
 		}
 		sourceRegInferred[i] = source.RegistryInferred()
 	}
 	destinationPluginConfigs := make([]managedplugin.Config, len(destinations))
 	destinationRegInferred := make([]bool, len(destinations))
 	for i, destination := range destinations {
 		destinationPluginConfigs[i] = managedplugin.Config{
-			Name:     destination.Name,
-			Version:  destination.Version,
-			Path:     destination.Path,
-			Registry: SpecRegistryToPlugin(destination.Registry),
+			Name:       destination.Name,
+			Version:    destination.Version,
+			Path:       destination.Path,
+			Registry:   SpecRegistryToPlugin(destination.Registry),
+			DockerAuth: destination.DockerRegistryAuthToken,
 		}
 		destinationRegInferred[i] = destination.RegistryInferred()
 	}
diff --git a/cli/cmd/migrate.go b/cli/cmd/migrate.go
@@ -80,21 +80,23 @@ func migrate(cmd *cobra.Command, args []string) error {
 	sourceRegInferred := make([]bool, len(sources))
 	for i, source := range sources {
 		sourcePluginConfigs[i] = managedplugin.Config{
-			Name:     source.Name,
-			Version:  source.Version,
-			Path:     source.Path,
-			Registry: SpecRegistryToPlugin(source.Registry),
+			Name:       source.Name,
+			Version:    source.Version,
+			Path:       source.Path,
+			Registry:   SpecRegistryToPlugin(source.Registry),
+			DockerAuth: source.DockerRegistryAuthToken,
 		}
 		sourceRegInferred[i] = source.RegistryInferred()
 	}
 	destinationPluginConfigs := make([]managedplugin.Config, len(destinations))
 	destinationRegInferred := make([]bool, len(destinations))
 	for i, destination := range destinations {
 		destinationPluginConfigs[i] = managedplugin.Config{
-			Name:     destination.Name,
-			Version:  destination.Version,
-			Path:     destination.Path,
-			Registry: SpecRegistryToPlugin(destination.Registry),
+			Name:       destination.Name,
+			Version:    destination.Version,
+			Path:       destination.Path,
+			Registry:   SpecRegistryToPlugin(destination.Registry),
+			DockerAuth: destination.DockerRegistryAuthToken,
 		}
 		destinationRegInferred[i] = destination.RegistryInferred()
 	}
diff --git a/cli/cmd/sync.go b/cli/cmd/sync.go
@@ -147,10 +147,11 @@ func sync(cmd *cobra.Command, args []string) error {
 			opts = append(opts, managedplugin.WithOtelEndpointInsecure())
 		}
 		cfg := managedplugin.Config{
-			Name:     source.Name,
-			Registry: SpecRegistryToPlugin(source.Registry),
-			Version:  source.Version,
-			Path:     source.Path,
+			Name:       source.Name,
+			Registry:   SpecRegistryToPlugin(source.Registry),
+			Version:    source.Version,
+			Path:       source.Path,
+			DockerAuth: source.DockerRegistryAuthToken,
 		}
 		if isolatePluginEnvironment {
 			cfg.Environment = filterPluginEnv(osEnviron, source.Name, "source")
@@ -183,10 +184,11 @@ func sync(cmd *cobra.Command, args []string) error {
 		}
 
 		cfg := managedplugin.Config{
-			Name:     destination.Name,
-			Registry: SpecRegistryToPlugin(destination.Registry),
-			Version:  destination.Version,
-			Path:     destination.Path,
+			Name:       destination.Name,
+			Registry:   SpecRegistryToPlugin(destination.Registry),
+			Version:    destination.Version,
+			Path:       destination.Path,
+			DockerAuth: destination.DockerRegistryAuthToken,
 		}
 		if isolatePluginEnvironment {
 			cfg.Environment = filterPluginEnv(osEnviron, destination.Name, "destination")
diff --git a/cli/cmd/tables.go b/cli/cmd/tables.go
@@ -82,10 +82,11 @@ func tables(cmd *cobra.Command, args []string) error {
 	sourceRegInferred := make([]bool, len(sources))
 	for i, sourceSpec := range sources {
 		pluginConfigs[i] = managedplugin.Config{
-			Name:     sourceSpec.Name,
-			Path:     sourceSpec.Path,
-			Version:  sourceSpec.Version,
-			Registry: SpecRegistryToPlugin(sourceSpec.Registry),
+			Name:       sourceSpec.Name,
+			Path:       sourceSpec.Path,
+			Version:    sourceSpec.Version,
+			Registry:   SpecRegistryToPlugin(sourceSpec.Registry),
+			DockerAuth: sourceSpec.DockerRegistryAuthToken,
 		}
 		sourceRegInferred[i] = sourceSpec.Registry == specs.RegistryUnset
 	}
diff --git a/cli/go.mod b/cli/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/cloudquery/plugin-sdk/v4 v4.30.0
 	github.com/distribution/reference v0.5.0
 	github.com/docker/distribution v2.8.3+incompatible
-	github.com/docker/docker v24.0.8+incompatible
+	github.com/docker/docker v25.0.3+incompatible
 	github.com/getsentry/sentry-go v0.24.1
 	github.com/ghodss/yaml v1.0.0
 	github.com/google/go-cmp v0.6.0
@@ -33,7 +33,7 @@ require (
 	golang.org/x/net v0.21.0
 	golang.org/x/sync v0.6.0
 	golang.org/x/term v0.17.0
-	google.golang.org/grpc v1.60.1
+	google.golang.org/grpc v1.61.0
 	google.golang.org/protobuf v1.32.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -58,6 +58,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.1 // indirect
+	github.com/containerd/log v0.1.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deepmap/oapi-codegen v1.16.2 // indirect
@@ -66,10 +67,13 @@ require (
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/flosch/pongo2/v4 v4.0.2 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/gin-gonic/gin v1.9.1 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.18.0 // indirect
@@ -130,6 +134,10 @@ require (
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/yosssi/ace v0.0.5 // indirect
 	github.com/zeebo/xxh3 v1.0.2 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect
+	go.opentelemetry.io/otel v1.23.1 // indirect
+	go.opentelemetry.io/otel/metric v1.23.1 // indirect
+	go.opentelemetry.io/otel/trace v1.23.1 // indirect
 	golang.org/x/arch v0.7.0 // indirect
 	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/mod v0.15.0 // indirect
diff --git a/cli/go.sum b/cli/go.sum
@@ -74,6 +74,8 @@ github.com/cloudquery/plugin-pb-go v1.19.0 h1:QqdIoblmD+42Lv99cIJqkN34vvOWaX6j7S
 github.com/cloudquery/plugin-pb-go v1.19.0/go.mod h1:YSEBZV1O043VqV1OQDtujdOqX9t5IjOwdXP94EersEU=
 github.com/cloudquery/plugin-sdk/v4 v4.30.0 h1:ArgDxga+s5U32afSNzF5v+s7jeYski11Y8uV0240OEw=
 github.com/cloudquery/plugin-sdk/v4 v4.30.0/go.mod h1:Jqd/uO6UdM5/7+JXBXT1onJHoK3Tql9wz9fIADwRG3k=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -86,8 +88,8 @@ github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v24.0.8+incompatible h1:lbGlhLzolo0tpp+paD0JzOYId072MQmQxZLPevQCFPU=
-github.com/docker/docker v24.0.8+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v25.0.3+incompatible h1:D5fy/lYmY7bvZa0XTZ5/UJPljor41F+vdyJG5luQLfQ=
+github.com/docker/docker v25.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
@@ -100,6 +102,8 @@ github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flosch/pongo2/v4 v4.0.2 h1:gv+5Pe3vaSVmiJvh/BZa82b7/00YUGm0PIyVVLop0Hw=
 github.com/flosch/pongo2/v4 v4.0.2/go.mod h1:B5ObFANs/36VwxxlgKpdchIJHMvHB562PW+BWPhwZD8=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
@@ -120,6 +124,11 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
@@ -174,6 +183,8 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
 github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
 github.com/imkira/go-interpol v1.1.0 h1:KIiKr0VSG2CUW1hl1jpiyuzuJeKUUpC8iM1AIE7N1Vk=
 github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
@@ -395,6 +406,22 @@ github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=
 github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0=
 github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
 github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA=
+go.opentelemetry.io/otel v1.23.1 h1:Za4UzOqJYS+MUczKI320AtqZHZb7EqxO00jAHE0jmQY=
+go.opentelemetry.io/otel v1.23.1/go.mod h1:Td0134eafDLcTS4y+zQ26GE8u3dEuRBiBCTUIRHaikA=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0 h1:DeFD0VgTZ+Cj6hxravYYZE2W4GlneVH81iAOPjZkzk8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0/go.mod h1:GijYcYmNpX1KazD5JmWGsi4P7dDTTTnfv1UbGn84MnU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.20.0 h1:CsBiKCiQPdSjS+MlRiqeTI9JDDpSuk0Hb6QTRfwer8k=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.20.0/go.mod h1:CMJYNAfooOwSZSAmAeMUV1M+TXld3BiK++z9fqIm2xk=
+go.opentelemetry.io/otel/metric v1.23.1 h1:PQJmqJ9u2QaJLBOELl1cxIdPcpbwzbkjfEyelTl2rlo=
+go.opentelemetry.io/otel/metric v1.23.1/go.mod h1:mpG2QPlAfnK8yNhNJAxDZruU9Y1/HubbC+KyH8FaCWI=
+go.opentelemetry.io/otel/sdk v1.20.0 h1:5Jf6imeFZlZtKv9Qbo6qt2ZkmWtdWx/wzcCbNUlAWGM=
+go.opentelemetry.io/otel/sdk v1.20.0/go.mod h1:rmkSx1cZCm/tn16iWDn1GQbLtsW/LvsdEEFzCSRM6V0=
+go.opentelemetry.io/otel/trace v1.23.1 h1:4LrmmEd8AU2rFvU1zegmvqW7+kWarxtNOPyeL6HmYY8=
+go.opentelemetry.io/otel/trace v1.23.1/go.mod h1:4IpnpJFwr1mo/6HL8XIPJaE9y0+u1KcVmuW7dwFSVrI=
+go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
+go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.7.0 h1:pskyeJh/3AmoQ8CPE95vxHLqp1G1GfGNXTmcl9NEKTc=
 golang.org/x/arch v0.7.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
@@ -490,10 +517,13 @@ golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6f
 gonum.org/v1/gonum v0.12.0 h1:xKuo6hzt+gMav00meVPUlXwSdoEJP46BR+wdxQEFK2o=
 gonum.org/v1/gonum v0.12.0/go.mod h1:73TDxJfAAHeA8Mk9mf8NlIppyhQNo5GLTcYeqgo2lvY=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20240116215550-a9fa1716bcac h1:ZL/Teoy/ZGnzyrqK/Optxxp2pmVh+fmJ97slxSRyzUg=
+google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8=
+google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe h1:bQnxqljG/wqi4NTXu2+DJ3n7APcEA882QZ1JvhQAq9o=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
-google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
-google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
+google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0=
+google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
diff --git a/cli/internal/specs/v0/metadata.go b/cli/internal/specs/v0/metadata.go
@@ -29,6 +29,9 @@ type Metadata struct {
 	// Registry can be "", "github", "local", "grpc", "docker", "cloudquery"
 	Registry Registry `json:"registry,omitempty" jsonschema:"default=cloudquery"`
 
+	// DockerRegistryAuthToken is the token to use to authenticate with the docker registry
+	DockerRegistryAuthToken string `json:"docker_registry_auth_token,omitempty"`
+
 	// registryInferred is a flag that indicates whether the registry was inferred from an empty value
 	registryInferred bool
 }
diff --git a/cli/internal/specs/v0/schema.json b/cli/internal/specs/v0/schema.json
diff --git a/website/pages/docs/reference/source-spec.md b/website/pages/docs/reference/source-spec.md
@@ -46,6 +46,40 @@ The name field may be used to uniquely identify a particular source configuratio
 - `grpc`: mostly useful in debug mode when plugin is already running in a different terminal, CloudQuery will connect to the gRPC plugin server directly without spawning the process.
 - `docker`: CloudQuery will run the plugin in a Docker container. This is most useful for plugins written in Python, as they do not support the `local`, `github` and `cloudquery` registries.
 
+<!-- vale off -->
+
+### docker_registry_auth_token
+
+<!-- vale on -->
+
+(`string`, optional, default: `""`, introduced in CLI `v5.7.0`)
+
+Authentication token for private Docker container registries. This is required if the plugin is hosted in a private Docker container registry. The token should be a valid Docker registry token that can be used to pull the plugin image. This option is only relevant when `registry` is set to `docker`. The token is a base64 encoded string. Here is an example of how to generate the token:
+
+```shell
+echo -n "{\"username\":\"<REPLACE_WITH_PASSWORD>\",\"password\":\"<REPLACE_WITH_PASSWORD>\"}" | base64`
+```
+Details about specific private container registries:
+
+AWS ECR:
+The username is `AWS` and you can get the password by running `aws ecr get-login-password --region <region>`. Replace `<region>` with the region where the ECR is located.
+
+Generating the token for AWS ECR would look like this:
+
+```shell
+echo -n "{\"username\":\"AWS\",\"password\":\"$(aws ecr get-login-password --region <REGION>)\"}" | base64
+```
+
+GitHub Container Registry:
+The username is `USERNAME` and you use a personal access token as the password. More information can be found [here](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic)
+
+Generating the token for GitHub Container Registry would look like this:
+
+```shell
+export CR_PAT=YOUR_TOKEN
+echo -n "{\"username\":\"USERNAME\",\"password\":\"$CR_PAT\"}" | base64
+```
+
 ### path
 
 (`string`, required)

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,9 @@ type Metadata struct {`
`29`	`29`	`// Registry can be "", "github", "local", "grpc", "docker", "cloudquery"`
`30`	`30`	Registry Registry `json:"registry,omitempty" jsonschema:"default=cloudquery"`
`31`	`31`
	`32`	`+ // DockerRegistryAuthToken is the token to use to authenticate with the docker registry`
	`33`	+ DockerRegistryAuthToken string `json:"docker_registry_auth_token,omitempty"`
	`34`	`+`
`32`	`35`	`// registryInferred is a flag that indicates whether the registry was inferred from an empty value`
`33`	`36`	`registryInferred bool`
`34`	`37`	`}`