docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updates to PAT doc for 2FA, and updates to Docker ID doc with some PAT info (#9699) 

Signed-off-by: Lena Larionova <lena.larionova@docker.com>
This commit is contained in:
lena-larionova 2019-10-21 13:35:37 -07:00 committed by GitHub
parent e3b21d97b5
commit 048d4ee67b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docker-hub/access-tokens.md
View File

@ -6,9 +6,16 @@ keywords: docker hub, hub, security, PAT, personal access token
Docker Hub lets you create personal access tokens as alternatives to your password. You can use tokens to access Hub images from the Docker CLI.
Access tokens are useful in cases such as building integrations since
you can issue multiple tokens &ndash; one for each integration &ndash;
and revoke them at any time.
Using personal access tokens provides some advantages over a password:
* You can investigate when an access token was used last, and disable or delete it if you find any suspicious activity.
* When logged in with an access token, you can't perform any admin activity on the account, including changing the password.
Access tokens are also useful in building integrations, since you can issue
multiple tokens &ndash; one for each integration &ndash; and revoke them at
any time.
> Note: If you have [two-factor authentication (2FA)](/2fa) enabled on your account, you must create at least one personal access token. Otherwise, you will be unable to log in to your account from the Docker CLI.
{: .important }
## Create an access token
@ -52,4 +59,10 @@ select multiple tokens to delete them all once.
You can use an access token anywhere that requires your Docker Hub
password.
For example, when logging in from your Docker CLI client (`docker login --username <username>`), omit the password in the login command. When you're prompted for a password, enter your token instead.
When logging in from your Docker CLI client (`docker login --username <username>`),
omit the password in the login command. When you're prompted for
a password, enter your token instead.
If you have 2FA enabled, you must use a personal access token when logging in
from the Docker CLI. If you don't have it enabled, this is an optional (but
more secure) method of authentication.

BIN
docker-id/images/login2019.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 67 KiB

8
docker-id/index.md
View File

@ -41,13 +41,13 @@ Your Docker ID becomes your user namespace for hosted Docker services, and becom
Once you register and verify your Docker ID email address, you can log in
to [Docker Hub](https://hub.docker.com) and [Docker Support](https://support.docker.com).
![Login](images/login.png)
![Login](images/login2019.png)
You can also log in using the `docker login` command. (You can read more about `docker login` [here](/engine/reference/commandline/login.md).)
> **Warning**:
> When you use the `docker login` command, your credentials are
stored in your home directory in `.docker/config.json`. The password is base64
encoded in this file. If you require secure storage for this password, use the
[Docker credential helpers](https://github.com/docker/docker-credential-helpers).
stored in your home directory in `.docker/config.json`. The password is base64-encoded in this file.
>
> For extra security, you can use a [personal access token](/docker-hub/access-tokens) to log in instead, which is still encoded in this file but doesn't allow admin actions (such as changing the password). If you require secure storage for this password or personal access token, use the [Docker credential helpers](https://github.com/docker/docker-credential-helpers).
{:.warning}