I've created access token in dockerhub for reading, writing and deleting.
But when I tried to pull an image from my docker hub repo (after $docker logout
) I can pull image without any authentication process. (but docker push
is blocked. I needed to login via docker login
first)
If so, what is access_token
for?
CodePudding user response:
Your repository (image) is public probably. You can have private images on the paid tiers.
CodePudding user response:
Access tokens will not help you while pulling the images as you are using a public repo. Access tokens are an alternative to password only. Access tokens can be used as a substitute for your password in Docker Hub, especially for integrating your Hub account with other tools. The advantage of using tokens is the ability to create and manage multiple tokens at once so you can generate different tokens for each integration and revoke them independently at any time. Using Docker CLI, you can use tokens to access Hub images.
Access tokens provides advantages over a password:
You can investigate the last usage of the access token and disable or delete it if you find any suspicious activity.
When using an access token, you can’t perform any admin activity on the account, including changing the password.
For creating a token,you have access to 4 scopes:
- Read, write, delete: The scope of this token allows you to read, write and delete all of the repos that you have access to. (It does not allow you to modify account settings as a password authentication would).
- Read, write: This scope is for read/write within repos you have access to (all the public content on Hub & your private content).This is the sort of scope to use within a CI that is also pushing to a repo.
- Read only: This scope is read only for all repos you have have access to, this is great when used in production where it only needs to pull content from repos to run it.
- Public repo read only: This scope is for reading only public content, so nothing from your or your team’s repos. This is great when you want to set up a system which is just pulling say Docker Official Images or Trusted content from Docker Hub.