github.com/brahmaroutu/docker@v1.2.1-0.20160809185609-eb28dde01f16/docs/reference/commandline/login.md

github.com/brahmaroutu/docker@v1.2.1-0.20160809185609-eb28dde01f16/docs/reference/commandline/login.md (about)

     1  <!--[metadata]>
     2  +++
     3  title = "login"
     4  description = "The login command description and usage"
     5  keywords = ["registry, login, image"]
     6  [menu.main]
     7  parent = "smn_cli"
     8  +++
     9  <![end-metadata]-->
    10  
    11  # login
    12  
    13  ```markdown
    14  Usage:  docker login [OPTIONS] [SERVER]
    15  
    16  Log in to a Docker registry.
    17  If no server is specified, the default is defined by the daemon.
    18  
    19  Options:
    20        --help              Print usage
    21    -p, --password string   Password
    22    -u, --username string   Username
    23  ```
    24  
    25  If you want to login to a self-hosted registry you can specify this by
    26  adding the server name.
    27  
    28      example:
    29      $ docker login localhost:8080
    30  
    31  
    32  `docker login` requires user to use `sudo` or be `root`, except when:
    33  
    34  1.  connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`.
    35  2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details.
    36  
    37  You can log into any public or private repository for which you have
    38  credentials.  When you log in, the command stores encoded credentials in
    39  `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows.
    40  
    41  > **Note**:  When running `sudo docker login` credentials are saved in `/root/.docker/config.json`.
    42  >
    43  
    44  ## Credentials store
    45  
    46  The Docker Engine can keep user credentials in an external credentials store,
    47  such as the native keychain of the operating system. Using an external store
    48  is more secure than storing credentials in the Docker configuration file.
    49  
    50  To use a credentials store, you need an external helper program to interact
    51  with a specific keychain or external store. Docker requires the helper
    52  program to be in the client's host `$PATH`.
    53  
    54  This is the list of currently available credentials helpers and where
    55  you can download them from:
    56  
    57  - D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases
    58  - Apple OS X keychain: https://github.com/docker/docker-credential-helpers/releases
    59  - Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases
    60  
    61  ### Usage
    62  
    63  You need to speficy the credentials store in `$HOME/.docker/config.json`
    64  to tell the docker engine to use it:
    65  
    66  ```json
    67  {
    68  	"credsStore": "osxkeychain"
    69  }
    70  ```
    71  
    72  If you are currently logged in, run `docker logout` to remove
    73  the credentials from the file and run `docker login` again.
    74  
    75  ### Protocol
    76  
    77  Credential helpers can be any program or script that follows a very simple protocol.
    78  This protocol is heavily inspired by Git, but it differs in the information shared.
    79  
    80  The helpers always use the first argument in the command to identify the action.
    81  There are only three possible values for that argument: `store`, `get`, and `erase`.
    82  
    83  The `store` command takes a JSON payload from the standard input. That payload carries
    84  the server address, to identify the credential, the user name, and either a password
    85  or an identity token.
    86  
    87  ```json
    88  {
    89  	"ServerURL": "https://index.docker.io/v1",
    90  	"Username": "david",
    91  	"Secret": "passw0rd1"
    92  }
    93  ```
    94  
    95  If the secret being stored is an identity token, the Username should be set to
    96  `<token>`.
    97  
    98  The `store` command can write error messages to `STDOUT` that the docker engine
    99  will show if there was an issue.
   100  
   101  The `get` command takes a string payload from the standard input. That payload carries
   102  the server address that the docker engine needs credentials for. This is
   103  an example of that payload: `https://index.docker.io/v1`.
   104  
   105  The `get` command writes a JSON payload to `STDOUT`. Docker reads the user name
   106  and password from this payload:
   107  
   108  ```json
   109  {
   110  	"Username": "david",
   111  	"Secret": "passw0rd1"
   112  }
   113  ```
   114  
   115  The `erase` command takes a string payload from `STDIN`. That payload carries
   116  the server address that the docker engine wants to remove credentials for. This is
   117  an example of that payload: `https://index.docker.io/v1`.
   118  
   119  The `erase` command can write error messages to `STDOUT` that the docker engine
   120  will show if there was an issue.