You can create a personal access token (PAT) to use as an alternative to your password for Docker CLI authentication.
Compared to passwords, PATs provide the following advantages:
You can investigate when the PAT was last used and then disable or delete it if you find any suspicious activity.When using an access token, you can't perform any administrative activity on the account, including changing the password. It protects your account if your computer is compromised.Access tokens are valuable for building integrations, as you can issue multiple tokens, one for each integration, and revoke them atany time.Create an access tokenImportant
Treat access tokens like your password and keep them secret. Store your tokens securely in a credential manager for example.
Use the Docker Admin Console to create an access token.
Sign in to yourDocker account.
Select your avatar in the top-right corner and from the drop-down menu select Account settings.
In the Security section, select Personal access tokens.
Select Generate new token.
Add a description for your token. Use something that indicates the use case or purpose of the token.
Select the expiration date for the token.
Set the access permissions.The access permissions are scopes that set restrictions in yourrepositories. For example, for Read & Write permissions, an automationpipeline can build an image and then push it to a repository. However, itcan't delete the repository.
Select Generate and then copy the token that appears on the screen and save it. You won't be able to retrieve the token once you close this prompt.
Use an access tokenYou can use an access token in place of your password when you sign in using Docker CLI.
Sign in from your Docker CLI client with the following command, replacing YOUR_USERNAME with your Docker ID:
$ docker login --usernameWhen prompted for a password, enter your personal access token instead of a password.
Note
If you havetwo-factor authentication (2FA) enabled, you mustuse a personal access token when logging in from the Docker CLI. 2FA is anoptional, but more secure method of authentication.
Modify existing tokensNote
You can't edit the expiration date on an existing token. You must create a new PAT if you need to set a new expiration date.
You can rename, activate, deactivate, or delete a token as needed. You can manage your tokens in your account settings.
Sign in to yourDocker account.
Select your avatar in the top-right corner and from the drop-down menu select Account settings.
In the Security section, select Personal access tokens.This page shows an overview of all your tokens, and lists if the token was generated manually or if it wasauto-generated. You can also view the numberof tokens that are activated and deactivated in the toolbar.
Select the actions menu on the far right of a token row, then select Deactivate, Edit, or Delete to modify the token.
After modifying the token, select Save token.
Auto-generated tokensWhen you sign in to your Docker account with Docker Desktop, Docker Desktop generates an authentication token on your behalf. When you interact with Docker Hub using the Docker CLI, the CLI uses this token for authentication. The token scope has Read, Write, and Delete access. If your Docker Desktop session expires, the token is automatically removed locally.
You can have up to 5 auto-generated tokens associated with your account. These are deleted and created automatically based on usage and creation dates. You can also delete your auto-generated tokens as needed. For more information, seeModify existing tokens.