docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ENGDOCS-1266 (#16918) 

* ENGDOCS-1266

* edits

* more edits

* review edits

* review edits
This commit is contained in:
Allie Sadler 2023-03-20 14:50:53 +00:00 committed by GitHub
parent 5d41ada042
commit 98e5e3ff9b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 55 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_data/toc.yaml
View File

@ -1776,7 +1776,7 @@ manuals:
- sectiontitle: Security and authentication
section:
- path: /docker-hub/access-tokens/
title: Manage access tokens
title: Create and manage access tokens
- sectiontitle: Two-factor authentication
section:
- path: /docker-hub/2fa/

23
docker-hub/2fa/disable-2fa.md
View File

@ -4,25 +4,16 @@ keywords: Docker, docker, registry, security, Docker Hub, authentication, two-fa
title: Disable two-factor authentication on Docker Hub
---
> **Note:**
> Disabling two-factor authentication will result in decreased security for your
> **Warning**
>
> Disabling two-factor authentication results in decreased security for your
> Docker Hub account.
{: .warning }
## Prerequisites
Two-factor authentication is enabled on your Docker Hub account.
## Disable two-factor authentication
To disable two-factor authentication, log in to your Docker Hub account. Click
on your username and select **Account Settings**. Go to Security and click on
**Disable 2FA**.
1. Sign in to your Docker Hub account.
2. Select your username and then from the dropdown menu, select **Account Settings**.
3. Navigate to the **Security** tab and select **Disable 2FA**.
4. Enter your password and select **Disable 2FA**.
![Disable 2FA button](../images/2fa-disable-2fa.png)
You will be prompted to input your Docker ID password. Enter your password and
click **Disable 2FA**.
![Enter your password view](../images/2fa-enter-pw-disable-2fa.png){:width="250px"}
You have successfully disabled two-factor authentication.

56
docker-hub/2fa/index.md
View File

@ -4,12 +4,11 @@ keywords: Docker, docker, registry, security, Docker Hub, authentication, two-fa
title: Enable two-factor authentication for Docker Hub
---
## About two-factor authentication
Two-factor authentication adds an extra layer of security to your Docker Hub
account by requiring a unique security code when you log into your account. The
security code will be required in addition to your password.
account by requiring a unique security code when you sign in to your account. The
security code is required in addition to your password.
When you enable two-factor authentication, you will also be provided a recovery
When you enable two-factor authentication, you are also provided with a recovery
code. Each recovery code is unique and specific to your account. You can use
this code to recover your account in case you lose access to your authenticator
app. See [Recover your Docker Hub account](recover-hub-account/).
@ -21,45 +20,20 @@ You need a mobile phone with a time-based one-time password authenticator
application installed. Common examples include Google Authenticator or Yubico
Authenticator with a registered YubiKey.
> **Note:**
> Two-factor authentication is currently in beta. Feel free to provide feedback
> at the [Docker Hub feedback repo](https://github.com/docker/hub-feedback/issues).
{: .important}
## Enable two-factor authentication
To enable two-factor authentication, log in to your Docker Hub account. Click
on your username and select **Account Settings**. Go to Security and click
**Enable Two-Factor Authentication**.
1. Sign to your Docker Hub account.
2. Select your username and then from the dropdown menu, select **Account Settings**.
3. Select the **Security** tab and then select **Enable Two-Factor Authentication**.
The next page reminds you to download an authenticator app.
4. Select **Set up using an app**.
Your unique recovery code is sent to you.
5. Save your recovery code and store it somewhere safe.
Your recovery code can be used to recover your account in the event you lose access to your authenticator app.
![Two-factor home](../images/2fa-security-home.png)
6. Select **Next** and then open your authenticator app.
You can choose between scanning the QR code or entering a text code into your authenticator app.
7. Once you have linked your authenticator app, enter the six-digit code to in text field and then select **Next**.
The next page will remind you to download an authenticator app. Click **Set up**
**using an app**. You will receive your unique recovery code.
> **Save your recovery code and store it somewhere safe.**
>
> Your recovery code can be used to recover your account in the event you lose
> access to your authenticator app.
{: .important }
![Recovery code example](../images/2fa-recovery-code.png)
After you have saved your code, click **Next**.
Open your authenticator app. You can choose between scanning the QR code or
entering a text code into your authenticator app. Once you have linked your
authenticator app, it will give you a six-digit code to enter in text field.
Click **Next**.
![Enter special code view](../images/2fa-enter-code.png)
You have successfully enabled two-factor authentication. The next time you log
Two-factor authentication is now enabled. The next time you sign
in to your Docker Hub account, you will be asked for a security code.
> **Note:**
> Now that you have two-factor authentication enabled on your account, you must
> create at least one personal access token. Otherwise, you will be unable to
> log in to your account from the Docker CLI. See [Managing access tokens](../access-tokens)
> for more information.
{: .important }

18
docker-hub/2fa/new-recovery-code.md
View File

@ -7,20 +7,12 @@ title: Generate a new recovery code
If you have lost your two-factor authentication recovery code and still have
access to your Docker Hub account, you can generate a new recovery code.
## Prerequisites
Two-factor authentication is enabled on your Docker Hub account.
## Generate a new recovery code
To disable two-factor authentication, log in to your Docker Hub account. Click
on your username and select **Account Settings**. Go to **Security** and **Click here to generate a new code**.
1. Sign in to your Docker Hub account.
2. Select your username and then from the dropdown menu, select **Account Settings**.
3. Navigate to the **Security** tab and select **Click here to generate a new code**.
4. Enter your password.
![New recovery code link](../images/2fa-disable-2fa.png)
Enter your password.
![Enter your password view](../images/2fa-pw-new-code.png){:width="250px"}
Your new recovery code will be displayed. Remember to save your recovery code
Your new recovery code is displayed. Remember to save your recovery code
and store it somewhere safe.

8
docker-hub/2fa/recover-hub-account.md
View File

@ -5,9 +5,9 @@ title: Recover your Docker Hub account
---
If you have lost access to both your two-factor authentication application and
your recovery code,
If you have lost access to both your two-factor authentication application and your recovery code:
1. Navigate to [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} and enter your username and password.
2. Click **I've lost my authentication device** and **I've lost my recovery code**.
3. Complete the [Contact Support form](https://hub.docker.com/support/contact/?category=2fa-lockout){:target="_blank" rel="noopener" class="_"}. You must enter the primary email address associated with your Docker ID in the Contact Support form for recovery instructions.
2. Select **I've lost my authentication device** and **I've lost my recovery code**.
3. Complete the [Contact Support form](https://hub.docker.com/support/contact/?category=2fa-lockout){:target="_blank" rel="noopener" class="_"}.
You must enter the primary email address associated with your Docker ID in the Contact Support form for recovery instructions.

69
docker-hub/access-tokens.md
View File

@ -1,67 +1,49 @@
---
title: Manage access tokens
title: Create and manage access tokens
description: Learn how to create and manage your personal Docker Hub access tokens to securely push and pull images programmatically.
keywords: docker hub, hub, security, PAT, personal access token
---
Docker Hub lets you create personal access tokens as alternatives to your password. You can use tokens to access Hub images from the Docker CLI.
If you are using the [Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"}
tool (currently experimental) to access Hub images from the Docker CLI, you can create personal access tokens (PAT) as alternatives to your password.
Using personal access tokens provides some advantages over a password:
Compared to passwords, personal access tokens provide the following advantages:
* You can investigate the last usage of the access token and disable or delete
it if you find any suspicious activity.
* When using an access token, you can't perform any admin activity on the account, including changing the password. It protects your account if your computer is compromised.
- You can investigate when the PAT was last used and then disable or delete it if you find any suspicious activity.
- When using an access token, you can't perform any admin activity on the account, including changing the password. It protects your account if your computer is compromised.
Docker provides a [Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"}
tool (currently experimental) and an API that allows you to interact with Docker Hub. Browse through the [Docker Hub API](/docker-hub/api/latest/){: target="_blank" rel="noopener" class="_"} documentation to explore the supported endpoints.
> **Important**
>
> Treat access tokens like your password and keep them secret. Store your
> tokens securely (for example, in a credential manager).
{: .important}
Access tokens are valuable for building integrations, as you can issue
multiple tokens – one for each integration – and revoke them at
Access tokens are also valuable for building integrations, as you can issue multiple tokens, one for each integration, and revoke them at
any time.
> **Note**
>
> If you have [two-factor authentication (2FA)](2fa/index.md) enabled on
> your account, you must create at least one personal access token. Otherwise,
> you will be unable to log in to your account from the Docker CLI.
> you won't be able to sign in to your account from the Docker CLI.
## Create an access token
The following video walks you through the process of managing access tokens.
> **Important**
>
> Treat access tokens like your password and keep them secret. Store your tokens securely in a credential manager for example.
{: .important}
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/Qs5xGj85Aek" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
1. Sign in to [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"}.
To create your access token:
2. Select your username in the top-right corner and from the dropdown menu select **Account Settings**.
1. Log in to [hub.docker.com](https://hub.docker.com){: target="_blank" rel="noopener" class="_"}.
2. Click on your username in the top right corner and select **[Account Settings](https://hub.docker.com/settings/general)**.
3. Select **[Security](https://hub.docker.com/settings/security) > New Access Token**.
4. Add a description for your token. Use something that indicates where the token
will be used, or set a purpose for the token. You can view the following access
permissions from the drop-down:
![New access token menu](images/hub-create-token.png){:width="700px"}
3. Select the **Security** tab and then **New Access Token**.
4. Add a description for your token. Use something that indicates the use case or purpose of the token.
5. Set the access permissions.
The access permissions are scopes that set restrictions in your
repositories. For example, for Read & Write permissions, an automation
pipeline can build an image and then push it to a repository. However, it
can not delete the repository.
5. Copy the token that appears on the screen and save it. You will not be able
6. Select **Generate** and then copy the token that appears on the screen and save it. You won't be able
to retrieve the token once you close this prompt.
![Copy access token view](images/hub-copy-token.png){:width="700px"}
## Use an access token
You can use an access token anywhere that requires your Docker Hub
@ -81,16 +63,11 @@ a password.
You can rename, activate, deactivate, or delete a token as needed.
1. Access your tokens under **[Account Settings > Security](https://hub.docker.com/settings/security){: target="_blank" rel="noopener" class="_"}**.
1. Access your tokens under **Account Settings > Security**.
This page shows an overview of all your tokens. You can also view the number
of tokens that are activated and deactivated in the toolbar.
![Delete or edit and access token](images/hub-delete-edit-token.png){:width="700px"}
2. Choose a token and then select **Delete** or **Edit**, or use the menu on the far right of a token row to bring up the edit screen.
You can also select multiple tokens to delete at once.
2. Select a token and click **Delete** or **Edit**, or use the menu on
the far right of a token row to bring up the edit screen. You can also
select multiple tokens to delete at once.
![Modify an access token](images/hub-edit-token.png){:width="700px"}
3. After modifying the token, click the **Save** button to save your changes.
3. After modifying the token, select **Save**.