Adjust docs mentioning auth.d directory with drop-in files.
Signed-off-by: Ina Panova <[email protected]>
ipanova committed Oct 25, 2024
1 parent 9f082da commit 78e97ef
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions docs/containers-auth.json.5.md
Expand Up @@ -5,22 +5,24 @@ containers-auth.json - syntax for the registry authentication file

# DESCRIPTION

A credentials file in JSON format used to authenticate against container image registries.
A file in JSON format controlling authentication against container image registries.
The primary (read/write) per-user file is stored at `${XDG_RUNTIME_DIR}/containers/auth.json` on Linux;
on Windows and macOS, at `$HOME/.config/containers/auth.json`.

There is also a system-global `/etc/containers/auth.json` path. When the current process is executing inside systemd as root, this path will be preferred.
There is also a system-global `/etc/containers/auth.json` path and `/etc/containers/auth.d/` directory with drop-in per-repo files.
When the current process is executing inside systemd as root, these paths will be preferred.
Drop-ins always have higher precedence than the configuration file they refer to. Drop-ins are sorted in the lexicographic order. The drop-ins that are later in this order have higher precedence.

When running as a user and searching for the credential for a registry, the following files will be read in sequence until the valid credential is found:
first reading the primary (read/write) file, or the explicit override using an option of the calling application.
If credentials are not present there,
the search continues in `${XDG_CONFIG_HOME}/containers/auth.json` (usually `~/.config/containers/auth.json`), `$HOME/.docker/config.json`, `$HOME/.dockercfg`.

If the current process is not running in systemd, but is running as root, the system-global `/etc/containers/auth.json` path will be read last.
If the current process is not running in systemd, but is running as root, the system-global `/etc/containers/auth.json` path and `/etc/containers/auth.d/` directory will be read last.

Except the primary (read/write) file, other files are read-only, unless the user use an option of the calling application explicitly points at it as an override.
Except for the primary (read/write) file, other files are read-only unless the user, using an option of the calling application, explicitly points at it as an override.

Note that the `/etc/containers/auth.json` file must not be readable by group or world (i.e. mode `044`), or a fatal error will occur.
Note that the `/etc/containers/auth.json` file and drop-in files from `/etc/containers/auth.d/` directory must not be readable by group or world (i.e. mode `044`), or a fatal error will occur.

## FORMAT
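
Review bot: In the final "Note that ..." line, the parenthetical "(i.e. mode `044`)" reads as if `044` were a mode to set, while the sentence it belongs to describes group-read and world-read bits that must be absent; now that the requirement also covers every drop-in under `/etc/containers/auth.d/`, I would reword it along the lines of "must have none of the `044` permission bits set (for example mode `0600`)". The added sentence "Drop-ins always have higher precedence than the configuration file they refer to" is also unclear, because nothing in this section says how a drop-in refers to a file; stating that drop-ins take precedence over `/etc/containers/auth.json` would match the rest of the paragraph. Since a later drop-in overrides earlier ones, it would help to say what "per-repo" means for file naming, whether drop-ins use the syntax described under FORMAT, and whether anything beyond read permission (ownership, write access to the directory) is checked. Minor: "sorted in the lexicographic order" should be "sorted in lexicographic order".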
