
Docker Credentials



  • Documentation:
  • Summary: Docker is a set of platform-as-a-service products that deliver software in packages called containers. Among other things, Docker provides a container image library called Docker Hub, which acts as a registry to host images. This detector aims to catch access tokens that are used as passwords to interact with the service programmatically.
  • IPs allowlist: This is not mentioned in the documentation.
  • Scopes: Various scopes can be attributed to an access token: 'Read, Write, Delete', 'Read & Write', 'Read-only' or 'Public repo read only'.

Revoke the secret

An access token can be revoked from the security tab in the Docker Hub UI.

Check for suspicious activity

The UI gives useful information about access tokens' creation and their latest usage date.

Details for Docker credentials

  • Family: Api

  • Category: Package registry

  • Company: Docker

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.2

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - dckr_pat_[a-z0-9-]{27}


- text: |
    +  DOCKERHUB_USERNAME: "someuserhere"
    +  DOCKERHUB_TOKEN: "dckr_pat_jhQhxwAEBQjrxo4-n0tkOpEMivH"
  username: someuserhere
  password: dckr_pat_jhQhxwAEBQjrxo4-n0tkOpEMivH
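
A sketch of the detection logic the details above describe, for use in a local pre-commit or CI check. It is an added example, not the detector's own implementation. Assumptions: matching is case-insensitive (the sample token above contains uppercase letters), "Minimum number of matches: 2" means a username plus a token, and the `USER_RE` pattern and function names are hypothetical.

```python
import re

# Pattern from the page's ContentWhitelistPreValidator. The page's sample token
# contains uppercase letters, so case-insensitive matching is assumed here.
TOKEN_RE = re.compile(r"dckr_pat_[a-z0-9-]{27}", re.IGNORECASE)
# Hypothetical username matcher: any key containing "user", then ':' or '='.
USER_RE = re.compile(r"\w*user\w*\s*[:=]\s*[\"']?([\w.-]+)", re.IGNORECASE)

def redact(token):
    """Keep the prefix and last 4 characters so findings are safe to log."""
    return token[:9] + "*" * (len(token) - 13) + token[-4:]

def find_docker_credentials(text):
    """Return one finding per distinct token that has a username in the text."""
    if not TOKEN_RE.search(text):       # cheap pre-validation: skip unrelated files
        return []
    users = [(m.start(), m.group(1)) for m in USER_RE.finditer(text)]
    findings, seen = [], set()
    for m in TOKEN_RE.finditer(text):
        token = m.group(0)
        if token in seen or not users:  # two matches required: username + token
            continue
        seen.add(token)
        # Pair the token with the closest username assignment in the text.
        _, user = min(users, key=lambda u: abs(u[0] - m.start()))
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "username": user,
            "token": redact(token),
        })
    return findings

# Sample 1 is the diff excerpt shown on this page; sample 2 is constructed.
PAGE_SAMPLE = (
    '+  DOCKERHUB_USERNAME: "someuserhere"\n'
    '+  DOCKERHUB_TOKEN: "dckr_pat_jhQhxwAEBQjrxo4-n0tkOpEMivH"\n'
)
TOKEN_ONLY = "image_pull_secret = dckr_pat_" + "a" * 27 + "\n"

if __name__ == "__main__":
    for name, sample in (("page sample", PAGE_SAMPLE), ("token only", TOKEN_ONLY)):
        print(name, find_docker_credentials(sample))
```

Findings carry a redacted token so the check's own output does not leak the secret into CI logs.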