Encourage registry password from ENV

lib/mrsk/cli/templates/deploy.yml

@@ -13,7 +13,8 @@ registry:
   # Specify the registry server, if you're not using Docker Hub
   # server: registry.digitalocean.com / ghcr.io / ...
   username: my-user
-  password: my-password-should-go-somewhere-safe
+  password:
+    - MRSK_REGISTRY_PASSWORD
 
 # Inject ENV variables into containers (secrets come from .env).
 # env:

lib/mrsk/commands/registry.rb

@@ -2,10 +2,19 @@ class Mrsk::Commands::Registry < Mrsk::Commands::Base
   delegate :registry, to: :config
 
   def login
-    docker :login, registry["server"], "-u", redact(registry["username"]), "-p", redact(registry["password"])
+    docker :login, registry["server"], "-u", redact(registry["username"]), "-p", redact(lookup_password)
   end
 
   def logout
     docker :logout, registry["server"]
   end
+
+  private
+    def lookup_password
+      if registry["password"].is_a?(Array)
+        ENV.fetch(registry["password"].first).dup
+      else
+        registry["password"]
+      end
+    end
 end