Skip to content

Docker Registry Credentials

Service Name: Docker Hub / Docker Registry

Service Description: Docker Registry is a stateless, highly scalable server-side application that stores and distributes Docker images. Docker Hub is the default public registry for Docker images, but organizations can also run private registries.

Service Address: https://hub.docker.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level for Docker Hub access.

Secret Access Scope: Grants access to pull, push, and manage Docker images in repositories. Depending on the permissions associated with the credentials, this could allow access to private repositories and organization resources.

Secret Revokement URL: https://hub.docker.com/settings/security

Secret Example: dckr_pat_abcDEFghiJKLmnoPQRstuvwXYZ1234567890

Suspicious Activity Investigation Instructions:

  • Review Docker Hub access logs for unusual pull/push activities
  • Check for unauthorized image uploads or modifications
  • Monitor for unusual repository access patterns
  • Verify if any new repositories were created without authorization
  • Review webhook configurations for any unauthorized changes
  • Check for unusual API calls or authentication attempts

Mitigation Instructions:

  • Immediately revoke the compromised Personal Access Token (PAT) in Docker Hub settings

  • Generate a new token with appropriate permissions

  • Update all CI/CD pipelines and systems using the old token
  • Enable two-factor authentication for all Docker Hub accounts
  • Review and restrict access permissions for all tokens
  • Consider implementing shorter token expiration periods
  • Audit all repositories for unauthorized changes
  • Implement IP restrictions for Docker Hub access if available
  • Consider using Docker Content Trust to sign and verify images