Docker PAT (Personal Access Token)
Service Name: Docker Hub
Service Description: Docker Hub is a cloud-based repository service where users can create, test, store, and distribute container images. It provides both public and private repositories for storing Docker images.
Service Address: https://hub.docker.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level for Docker Hub access.
Secret Access Scope: Grants programmatic access to Docker Hub repositories, allowing users to push, pull, and manage container images.
Secret Revokement URL: https://hub.docker.com/settings/security
Secret Example: dckr_pat_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm1234
Suspicious Activity Investigation Instructions:
- Review Docker Hub access logs for unusual pull or push activities.
- Check for unauthorized image pushes or repository modifications.
- Examine repository permissions and access patterns.
- Look for unusual geographic access locations or times.
- Monitor for unexpected image tags or versions being created.
Mitigation Instructions:
- Log in to Docker Hub and navigate to your account settings.
- Go to the Security section.
- Locate the compromised Personal Access Token in the list.
- Select the Delete or Revoke button next to the token.
- Create a new token with appropriate permissions if needed.
- Review and update repository permissions to ensure proper access controls.
- Enable two-factor authentication for your Docker Hub account if not already enabled.
- Consider implementing organization-level security policies for Docker Hub access.