This is an automated archive made by the Lemmit Bot.
The original was posted on /r/selfhosted by /u/ElevenNotes on 2025-06-25 11:23:32+00:00.
INTRODUCTION ๐ข
Pocket ID is a simple OIDC provider that allows users to authenticate with their passkeys to your services.
SYNOPSIS ๐
What can I do with this? This image will run pocket-id rootless and distroless, for maximum security. It also contains a quick fix1 to quiet done the logging of gin.
IMPORTANT
- This image runs as 1000:1000 by default, most other images run everything as root
- This image has no shell since it is distroless, most other images run on a distro like Debian or Alpine with full shell access (security)
- This image does not ship with any critical or high rated CVE and is automatically maintained via CI/CD, most other images mostly have no CVE scanning or code quality tools in place
- This image is created via a secure, pinned CI/CD process and immune to upstream attacks, most other images have upstream dependencies that can be exploited
- This image works as read-only, most other images need to write files to the image filesystem
- This image is a lot smaller than most other images
If you value security, simplicity and the ability to interact with the maintainer and developer of an image. Using my images is a great start in that direction.
COMPARISON ๐
Below you find a comparison between this image and the most used or original one.
| image | 11notes/pocket-id:1.4.1 | ghcr.io/pocket-id/pocket-id |
|
|
|
|
| image size on disk | 20.7MB | 68.9MB |
| process UID/GID | 1000/1000 | 0/0 |
| distroless? | โ
| โ |
| rootless? | โ
| โ |
1: A PR was added to resolve this issue upstream