From 98e5e3ff9bf45872a9d8cb4b424914802297a628 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Mon, 20 Mar 2023 14:50:53 +0000 Subject: [PATCH] ENGDOCS-1266 (#16918) * ENGDOCS-1266 * edits * more edits * review edits * review edits --- _data/toc.yaml | 2 +- docker-hub/2fa/disable-2fa.md | 23 +++------ docker-hub/2fa/index.md | 56 ++++++---------------- docker-hub/2fa/new-recovery-code.md | 18 ++----- docker-hub/2fa/recover-hub-account.md | 8 ++-- docker-hub/access-tokens.md | 69 +++++++++------------------ 6 files changed, 55 insertions(+), 121 deletions(-) diff --git a/_data/toc.yaml b/_data/toc.yaml index d5b3401aa6..a918b3c49e 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1776,7 +1776,7 @@ manuals: - sectiontitle: Security and authentication section: - path: /docker-hub/access-tokens/ - title: Manage access tokens + title: Create and manage access tokens - sectiontitle: Two-factor authentication section: - path: /docker-hub/2fa/ diff --git a/docker-hub/2fa/disable-2fa.md b/docker-hub/2fa/disable-2fa.md index 2b5c8bcc07..2e6c51bc22 100644 --- a/docker-hub/2fa/disable-2fa.md +++ b/docker-hub/2fa/disable-2fa.md @@ -4,25 +4,16 @@ keywords: Docker, docker, registry, security, Docker Hub, authentication, two-fa title: Disable two-factor authentication on Docker Hub --- -> **Note:** -> Disabling two-factor authentication will result in decreased security for your +> **Warning** +> +> Disabling two-factor authentication results in decreased security for your > Docker Hub account. {: .warning } - -## Prerequisites -Two-factor authentication is enabled on your Docker Hub account. - ## Disable two-factor authentication -To disable two-factor authentication, log in to your Docker Hub account. Click -on your username and select **Account Settings**. Go to Security and click on -**Disable 2FA**. +1. Sign in to your Docker Hub account. +2. Select your username and then from the dropdown menu, select **Account Settings**. +3. Navigate to the **Security** tab and select **Disable 2FA**. +4. Enter your password and select **Disable 2FA**. -![Disable 2FA button](../images/2fa-disable-2fa.png) -You will be prompted to input your Docker ID password. Enter your password and -click **Disable 2FA**. - -![Enter your password view](../images/2fa-enter-pw-disable-2fa.png){:width="250px"} - -You have successfully disabled two-factor authentication. diff --git a/docker-hub/2fa/index.md b/docker-hub/2fa/index.md index 40a70a4f70..16600a6004 100644 --- a/docker-hub/2fa/index.md +++ b/docker-hub/2fa/index.md @@ -4,12 +4,11 @@ keywords: Docker, docker, registry, security, Docker Hub, authentication, two-fa title: Enable two-factor authentication for Docker Hub --- -## About two-factor authentication Two-factor authentication adds an extra layer of security to your Docker Hub -account by requiring a unique security code when you log into your account. The -security code will be required in addition to your password. +account by requiring a unique security code when you sign in to your account. The +security code is required in addition to your password. -When you enable two-factor authentication, you will also be provided a recovery +When you enable two-factor authentication, you are also provided with a recovery code. Each recovery code is unique and specific to your account. You can use this code to recover your account in case you lose access to your authenticator app. See [Recover your Docker Hub account](recover-hub-account/). @@ -21,45 +20,20 @@ You need a mobile phone with a time-based one-time password authenticator application installed. Common examples include Google Authenticator or Yubico Authenticator with a registered YubiKey. -> **Note:** -> Two-factor authentication is currently in beta. Feel free to provide feedback -> at the [Docker Hub feedback repo](https://github.com/docker/hub-feedback/issues). -{: .important} - ## Enable two-factor authentication -To enable two-factor authentication, log in to your Docker Hub account. Click -on your username and select **Account Settings**. Go to Security and click -**Enable Two-Factor Authentication**. +1. Sign to your Docker Hub account. +2. Select your username and then from the dropdown menu, select **Account Settings**. +3. Select the **Security** tab and then select **Enable Two-Factor Authentication**. + The next page reminds you to download an authenticator app. +4. Select **Set up using an app**. + Your unique recovery code is sent to you. +5. Save your recovery code and store it somewhere safe. + Your recovery code can be used to recover your account in the event you lose access to your authenticator app. -![Two-factor home](../images/2fa-security-home.png) +6. Select **Next** and then open your authenticator app. + You can choose between scanning the QR code or entering a text code into your authenticator app. +7. Once you have linked your authenticator app, enter the six-digit code to in text field and then select **Next**. -The next page will remind you to download an authenticator app. Click **Set up** -**using an app**. You will receive your unique recovery code. - -> **Save your recovery code and store it somewhere safe.** -> -> Your recovery code can be used to recover your account in the event you lose -> access to your authenticator app. -{: .important } - -![Recovery code example](../images/2fa-recovery-code.png) - -After you have saved your code, click **Next**. - -Open your authenticator app. You can choose between scanning the QR code or -entering a text code into your authenticator app. Once you have linked your -authenticator app, it will give you a six-digit code to enter in text field. -Click **Next**. - -![Enter special code view](../images/2fa-enter-code.png) - -You have successfully enabled two-factor authentication. The next time you log +Two-factor authentication is now enabled. The next time you sign in to your Docker Hub account, you will be asked for a security code. - -> **Note:** -> Now that you have two-factor authentication enabled on your account, you must -> create at least one personal access token. Otherwise, you will be unable to -> log in to your account from the Docker CLI. See [Managing access tokens](../access-tokens) -> for more information. -{: .important } diff --git a/docker-hub/2fa/new-recovery-code.md b/docker-hub/2fa/new-recovery-code.md index 9c1f5142a1..d5431dc018 100644 --- a/docker-hub/2fa/new-recovery-code.md +++ b/docker-hub/2fa/new-recovery-code.md @@ -7,20 +7,12 @@ title: Generate a new recovery code If you have lost your two-factor authentication recovery code and still have access to your Docker Hub account, you can generate a new recovery code. -## Prerequisites - -Two-factor authentication is enabled on your Docker Hub account. - ## Generate a new recovery code -To disable two-factor authentication, log in to your Docker Hub account. Click -on your username and select **Account Settings**. Go to **Security** and **Click here to generate a new code**. +1. Sign in to your Docker Hub account. +2. Select your username and then from the dropdown menu, select **Account Settings**. +3. Navigate to the **Security** tab and select **Click here to generate a new code**. +4. Enter your password. -![New recovery code link](../images/2fa-disable-2fa.png) - -Enter your password. - -![Enter your password view](../images/2fa-pw-new-code.png){:width="250px"} - -Your new recovery code will be displayed. Remember to save your recovery code +Your new recovery code is displayed. Remember to save your recovery code and store it somewhere safe. diff --git a/docker-hub/2fa/recover-hub-account.md b/docker-hub/2fa/recover-hub-account.md index fc4bc5271b..1c544f4754 100644 --- a/docker-hub/2fa/recover-hub-account.md +++ b/docker-hub/2fa/recover-hub-account.md @@ -5,9 +5,9 @@ title: Recover your Docker Hub account --- -If you have lost access to both your two-factor authentication application and -your recovery code, +If you have lost access to both your two-factor authentication application and your recovery code: 1. Navigate to [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"} and enter your username and password. -2. Click **I've lost my authentication device** and **I've lost my recovery code**. -3. Complete the [Contact Support form](https://hub.docker.com/support/contact/?category=2fa-lockout){:target="_blank" rel="noopener" class="_"}. You must enter the primary email address associated with your Docker ID in the Contact Support form for recovery instructions. +2. Select **I've lost my authentication device** and **I've lost my recovery code**. +3. Complete the [Contact Support form](https://hub.docker.com/support/contact/?category=2fa-lockout){:target="_blank" rel="noopener" class="_"}. + You must enter the primary email address associated with your Docker ID in the Contact Support form for recovery instructions. diff --git a/docker-hub/access-tokens.md b/docker-hub/access-tokens.md index 82a5334162..b2214e7b10 100644 --- a/docker-hub/access-tokens.md +++ b/docker-hub/access-tokens.md @@ -1,67 +1,49 @@ --- -title: Manage access tokens +title: Create and manage access tokens description: Learn how to create and manage your personal Docker Hub access tokens to securely push and pull images programmatically. keywords: docker hub, hub, security, PAT, personal access token --- -Docker Hub lets you create personal access tokens as alternatives to your password. You can use tokens to access Hub images from the Docker CLI. +If you are using the [Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"} +tool (currently experimental) to access Hub images from the Docker CLI, you can create personal access tokens (PAT) as alternatives to your password. -Using personal access tokens provides some advantages over a password: +Compared to passwords, personal access tokens provide the following advantages: -* You can investigate the last usage of the access token and disable or delete - it if you find any suspicious activity. -* When using an access token, you can't perform any admin activity on the account, including changing the password. It protects your account if your computer is compromised. +- You can investigate when the PAT was last used and then disable or delete it if you find any suspicious activity. +- When using an access token, you can't perform any admin activity on the account, including changing the password. It protects your account if your computer is compromised. -Docker provides a [Docker Hub CLI](https://github.com/docker/hub-tool#readme){: target="_blank" rel="noopener" class="_"} -tool (currently experimental) and an API that allows you to interact with Docker Hub. Browse through the [Docker Hub API](/docker-hub/api/latest/){: target="_blank" rel="noopener" class="_"} documentation to explore the supported endpoints. - -> **Important** -> -> Treat access tokens like your password and keep them secret. Store your -> tokens securely (for example, in a credential manager). -{: .important} - -Access tokens are valuable for building integrations, as you can issue -multiple tokens – one for each integration – and revoke them at +Access tokens are also valuable for building integrations, as you can issue multiple tokens, one for each integration, and revoke them at any time. - > **Note** > > If you have [two-factor authentication (2FA)](2fa/index.md) enabled on > your account, you must create at least one personal access token. Otherwise, - > you will be unable to log in to your account from the Docker CLI. - + > you won't be able to sign in to your account from the Docker CLI. ## Create an access token -The following video walks you through the process of managing access tokens. +> **Important** +> +> Treat access tokens like your password and keep them secret. Store your tokens securely in a credential manager for example. +{: .important} - +1. Sign in to [Docker Hub](https://hub.docker.com){: target="_blank" rel="noopener" class="_"}. -To create your access token: +2. Select your username in the top-right corner and from the dropdown menu select **Account Settings**. -1. Log in to [hub.docker.com](https://hub.docker.com){: target="_blank" rel="noopener" class="_"}. - -2. Click on your username in the top right corner and select **[Account Settings](https://hub.docker.com/settings/general)**. - -3. Select **[Security](https://hub.docker.com/settings/security) > New Access Token**. - -4. Add a description for your token. Use something that indicates where the token - will be used, or set a purpose for the token. You can view the following access - permissions from the drop-down: - - ![New access token menu](images/hub-create-token.png){:width="700px"} +3. Select the **Security** tab and then **New Access Token**. +4. Add a description for your token. Use something that indicates the use case or purpose of the token. + +5. Set the access permissions. The access permissions are scopes that set restrictions in your repositories. For example, for Read & Write permissions, an automation pipeline can build an image and then push it to a repository. However, it can not delete the repository. -5. Copy the token that appears on the screen and save it. You will not be able +6. Select **Generate** and then copy the token that appears on the screen and save it. You won't be able to retrieve the token once you close this prompt. - ![Copy access token view](images/hub-copy-token.png){:width="700px"} - ## Use an access token You can use an access token anywhere that requires your Docker Hub @@ -81,16 +63,11 @@ a password. You can rename, activate, deactivate, or delete a token as needed. -1. Access your tokens under **[Account Settings > Security](https://hub.docker.com/settings/security){: target="_blank" rel="noopener" class="_"}**. +1. Access your tokens under **Account Settings > Security**. This page shows an overview of all your tokens. You can also view the number of tokens that are activated and deactivated in the toolbar. - ![Delete or edit and access token](images/hub-delete-edit-token.png){:width="700px"} +2. Choose a token and then select **Delete** or **Edit**, or use the menu on the far right of a token row to bring up the edit screen. + You can also select multiple tokens to delete at once. -2. Select a token and click **Delete** or **Edit**, or use the menu on - the far right of a token row to bring up the edit screen. You can also - select multiple tokens to delete at once. - - ![Modify an access token](images/hub-edit-token.png){:width="700px"} - -3. After modifying the token, click the **Save** button to save your changes. +3. After modifying the token, select **Save**.