Problem Statement

Currently due to the limitations of oras-go the easiest (and basically the only possible, sensible way) is to deal with Dockder credentials when they are stored as a file. It doesn't provide API for supplying them in this format as a string, []byte or io.Reader, etc. Hence a temporary file is created to supply those credentials, see

https://github.com/Kong/gateway-operator/blob/c87be57a8c2bc74ce07bd8d1d4f9a3c08e26ba8d/controller/kongplugininstallation/image/image.go#L121-L139

It's not the best approach from a security, maintainability, and extensibility point of view.

Proposed Solution

Submit PR to oras-go that will extend the API of this library to be able to consume credentials in Docker's config.json format not only from a file directly but from one of string, []byte or io.Reader.

In case something like that is not an option provide an implementation in KGO codebase.

Acceptance Criteria

• Temporary file is not created as a workaround for dealing with credentials in Docker's config.json format