Skip to content

Docker PAT (Personal Access Token)

Service Name: Docker Hub

Service Description: Docker Hub is a cloud-based repository service where users can create, test, store, and distribute container images. It provides both public and private repositories for storing Docker images.

Service Address: https://hub.docker.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level for Docker Hub access.

Secret Access Scope: Grants programmatic access to Docker Hub repositories, allowing users to push, pull, and manage container images.

Secret Revokement URL: https://hub.docker.com/settings/security

Secret Example: dckr_pat_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklm1234

Suspicious Activity Investigation Instructions:

  • Review Docker Hub access logs for unusual pull or push activities.
  • Check for unauthorized image pushes or repository modifications.
  • Examine repository permissions and access patterns.
  • Look for unusual geographic access locations or times.
  • Monitor for unexpected image tags or versions being created.

Mitigation Instructions:

  • Log in to Docker Hub and navigate to your account settings.
  • Go to the Security section.
  • Locate the compromised Personal Access Token in the list.
  • Select the Delete or Revoke button next to the token.
  • Create a new token with appropriate permissions if needed.
  • Review and update repository permissions to ensure proper access controls.
  • Enable two-factor authentication for your Docker Hub account if not already enabled.
  • Consider implementing organization-level security policies for Docker Hub access.