10.1.2.1 Registry Login Credentials
A focused guide to Registry Login Credentials, connecting core concepts with practical Docker and container operations.
Registry login credentials are the username and password (or, increasingly commonly, an access token) used to authenticate with a registry through docker login, with their secure handling an important practical consideration given how broadly they might otherwise be exposed.
Logging In With a Username and Password
The most straightforward authentication form prompts for credentials directly.
docker login registry.example.com
Username: myuser
Password: ********
Why Access Tokens Are Often Preferable to Account Passwords
Many registries support generating a dedicated access token, scoped to specific permissions and independently revocable, as an alternative to using an account's actual password directly for authentication.
docker login registry.example.com -u myuser
Providing a generated access token as the password when prompted limits exposure if that particular credential were ever compromised, since it can be revoked independently without affecting the account's actual password.
Avoiding Credentials in Shell History or Scripts
Passing a password directly as a command-line argument risks it being recorded in shell history or visible to anything inspecting running processes — piping it in instead avoids this particular exposure.
echo "$REGISTRY_TOKEN" | docker login registry.example.com -u myuser --password-stdin
This --password-stdin approach avoids the password ever appearing directly as a command-line argument.
Storing Credentials Securely for Automated Use
For CI/CD pipelines or other automated contexts needing registry access, storing credentials as a properly secured secret (rather than embedded directly in a script) is essential.
echo "$CI_REGISTRY_TOKEN" | docker login registry.example.com -u "$CI_REGISTRY_USER" --password-stdin
Why Registry Login Credentials Matter
Handling registry credentials carefully — preferring scoped access tokens, avoiding exposure in shell history or scripts, and properly securing them in automated contexts — is an important practical security consideration whenever registry authentication is involved.