Docker Credentials

Description

General

Documentation: https://docs.docker.com/docker-hub/api/latest/
Summary: Docker is a set of platform as a service products that helps in delivering packages called containers. Among other things Docker provides a container image library called Docker Hub that acts as a registry to host images. This detector aims at catching access tokens that are used as password to programmatically interact with the service.
IPs allowlist: This is not mentioned in the documentation.
Scopes: Various scopes can be attributed to an access token: 'Read, Write, Delete', 'Read & Write', 'Read-only' or 'Public repo read only'

Revoke the secret

An access token can be revoked from the security tab in the Docker Hub UI.

Check for suspicious activity

The UI gives useful information about access tokens' creation and their latest usage date.

Details for `Docker credentials`

Family: Api
Category: Package registry
Company: Docker
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.2
Prefixed: True
PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - dckr_pat_[a-z0-9-]{27}

Examples

- text: |
    +  DOCKERHUB_USERNAME: "someuserhere"
    +  DOCKERHUB_TOKEN: "dckr_pat_jhQhxwAEBQjrxo4-n0tkOpEMivH"
  username: someuserhere
  password: dckr_pat_jhQhxwAEBQjrxo4-n0tkOpEMivH