Skip to content

Docker PAT

Service Name: Docker

Service Description: Docker is a platform that enables developers to build, share, and run applications in containers. Docker Personal Access Tokens (PATs) are used to authenticate with Docker Hub and other Docker services.

Service Address: https://hub.docker.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level for Docker Hub access.

Secret Access Scope: Grants access to Docker Hub repositories, allowing users to push, pull, and manage container images based on the token's permissions.

Secret Revokement URL: https://hub.docker.com/settings/security

Secret Example: dckr_pat_abcDEFghiJKLmnoPQRstuvwXYZ1234567890

Suspicious Activity Investigation Instructions:

  • Review Docker Hub access logs for unusual pull or push activities.
  • Check for unauthorized image publications or modifications to existing images.
  • Monitor for unusual repository access patterns or unexpected image tags.
  • Verify if the token has been used from unusual geographic locations.
  • Review organization audit logs for suspicious administrative actions.

Mitigation Instructions:

  • Log in to Docker Hub and navigate to your account settings.
  • Go to the "Security" section.
  • Locate the compromised Personal Access Token.
  • Select Delete or Revoke to immediately invalidate the token.
  • Create a new token with appropriate scopes if needed.
  • Review and update repository permissions to ensure proper access controls.
  • Consider enabling two-factor authentication for your Docker Hub account.
  • Audit container images that may have been modified during the compromise period.