Docker Registry Credentials
Service Name: Docker Hub / Docker Registry
Service Description: Docker Registry is a stateless, highly scalable server-side application that stores and distributes Docker images. Docker Hub is the default public registry for Docker images, but organizations can also run private registries.
Service Address: https://hub.docker.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level for Docker Hub access.
Secret Access Scope: Grants access to pull, push, and manage Docker images in repositories. Depending on the permissions associated with the credentials, this could allow access to private repositories and organization resources.
Secret Revokement URL: https://hub.docker.com/settings/security
Secret Example: dckr_pat_abcDEFghiJKLmnoPQRstuvwXYZ1234567890
Suspicious Activity Investigation Instructions:
- Review Docker Hub access logs for unusual pull/push activities
- Check for unauthorized image uploads or modifications
- Monitor for unusual repository access patterns
- Verify if any new repositories were created without authorization
- Review webhook configurations for any unauthorized changes
- Check for unusual API calls or authentication attempts
Mitigation Instructions:
-
Immediately revoke the compromised Personal Access Token (PAT) in Docker Hub settings
-
Generate a new token with appropriate permissions
- Update all CI/CD pipelines and systems using the old token
- Enable two-factor authentication for all Docker Hub accounts
- Review and restrict access permissions for all tokens
- Consider implementing shorter token expiration periods
- Audit all repositories for unauthorized changes
- Implement IP restrictions for Docker Hub access if available
- Consider using Docker Content Trust to sign and verify images