Harbor CLI secret only works during active user session
I am currently supporting a a Navy-sponsored Open Source project hosted on GitHub. (https://github.com/NUWCDIVNPT/stig-manager) We would like to base our image off of the Iron Bank NodeJS 14 image, but we are unable to automate this process because Harbor CLI secret provided only works while I have an active session in Harbor. We can pull at first, but as soon as my session is timed out, our CLI docker pull is rejected. If I log back in, the same CLI secret works fine again (depending on when I log back in, I don't even get prompted for MFA again).
Is this the intended behavior? Are we not using the Iron Bank resource in the expected way?
Is there an alternative way to base our images on the current Iron Bank NodeJS image, besides downloading it manually? We have considered re-hosting it on our Docker Hub site, but that will require additional maintenance to keep it up to date.
Your documentation for consumers of these images notes we should use the secret provided, but not the limitation I mentioned above: Note: Downloading from the CLI requires the user to first log into Harbor registry via the website interface then retrieve their username and CLI secret by clicking on their name in the upper right corner. Provide these credentials to your CLI tool for proper access.
Thanks!