github.com/olljanat/moby@v1.13.1/docs/reference/commandline/login.md

github.com/olljanat/moby@v1.13.1/docs/reference/commandline/login.md (about)

     1  ---
     2  title: "login"
     3  description: "The login command description and usage"
     4  keywords: "registry, login, image"
     5  ---
     6  
     7  <!-- This file is maintained within the docker/docker Github
     8       repository at https://github.com/docker/docker/. Make all
     9       pull requests against that repo. If you see this file in
    10       another repository, consider it read-only there, as it will
    11       periodically be overwritten by the definitive file. Pull
    12       requests which include edits to this file in other repositories
    13       will be rejected.
    14  -->
    15  
    16  # login
    17  
    18  ```markdown
    19  Usage:  docker login [OPTIONS] [SERVER]
    20  
    21  Log in to a Docker registry.
    22  If no server is specified, the default is defined by the daemon.
    23  
    24  Options:
    25        --help              Print usage
    26    -p, --password string   Password
    27    -u, --username string   Username
    28  ```
    29  
    30  If you want to login to a self-hosted registry you can specify this by
    31  adding the server name.
    32  
    33      example:
    34      $ docker login localhost:8080
    35  
    36  
    37  `docker login` requires user to use `sudo` or be `root`, except when:
    38  
    39  1.  connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`.
    40  2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details.
    41  
    42  You can log into any public or private repository for which you have
    43  credentials.  When you log in, the command stores encoded credentials in
    44  `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows.
    45  
    46  ## Credentials store
    47  
    48  The Docker Engine can keep user credentials in an external credentials store,
    49  such as the native keychain of the operating system. Using an external store
    50  is more secure than storing credentials in the Docker configuration file.
    51  
    52  To use a credentials store, you need an external helper program to interact
    53  with a specific keychain or external store. Docker requires the helper
    54  program to be in the client's host `$PATH`.
    55  
    56  This is the list of currently available credentials helpers and where
    57  you can download them from:
    58  
    59  - D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases
    60  - Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases
    61  - Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases
    62  
    63  ### Usage
    64  
    65  You need to specify the credentials store in `$HOME/.docker/config.json`
    66  to tell the docker engine to use it:
    67  
    68  ```json
    69  {
    70  	"credsStore": "osxkeychain"
    71  }
    72  ```
    73  
    74  If you are currently logged in, run `docker logout` to remove
    75  the credentials from the file and run `docker login` again.
    76  
    77  ### Protocol
    78  
    79  Credential helpers can be any program or script that follows a very simple protocol.
    80  This protocol is heavily inspired by Git, but it differs in the information shared.
    81  
    82  The helpers always use the first argument in the command to identify the action.
    83  There are only three possible values for that argument: `store`, `get`, and `erase`.
    84  
    85  The `store` command takes a JSON payload from the standard input. That payload carries
    86  the server address, to identify the credential, the user name, and either a password
    87  or an identity token.
    88  
    89  ```json
    90  {
    91  	"ServerURL": "https://index.docker.io/v1",
    92  	"Username": "david",
    93  	"Secret": "passw0rd1"
    94  }
    95  ```
    96  
    97  If the secret being stored is an identity token, the Username should be set to
    98  `<token>`.
    99  
   100  The `store` command can write error messages to `STDOUT` that the docker engine
   101  will show if there was an issue.
   102  
   103  The `get` command takes a string payload from the standard input. That payload carries
   104  the server address that the docker engine needs credentials for. This is
   105  an example of that payload: `https://index.docker.io/v1`.
   106  
   107  The `get` command writes a JSON payload to `STDOUT`. Docker reads the user name
   108  and password from this payload:
   109  
   110  ```json
   111  {
   112  	"Username": "david",
   113  	"Secret": "passw0rd1"
   114  }
   115  ```
   116  
   117  The `erase` command takes a string payload from `STDIN`. That payload carries
   118  the server address that the docker engine wants to remove credentials for. This is
   119  an example of that payload: `https://index.docker.io/v1`.
   120  
   121  The `erase` command can write error messages to `STDOUT` that the docker engine
   122  will show if there was an issue.