Docker Hub
Docker Hub integration allows your product to connect with Docker Hub repositories to fetch container image metadata, list repositories, view tags, and analyze images for security scanning or compliance purposes. This integration is especially useful for DevSecOps workflows, image inventory, and vulnerability management pipelines.
Credentials Needed
To connect your product with Docker Hub, you need Docker Hub API credentials for authentication.
Required credentials:
- Docker Hub Username
- Docker Hub Access Token (or Password)
It is strongly recommended to use a Personal Access Token instead of your Docker Hub account password for security and automation purposes.
Permissions Needed / API Scopes
Docker Hub uses access tokens with specific scopes. For integrations that only read repository and image data, read-only access is sufficient.
| Functionality | Required Scope | Description |
|---|---|---|
| Read repositories | repository:read | Allows listing repositories and fetching metadata |
| Read image tags | repository:read | Allows reading image tags and manifests |
| Write (optional) | repository:write | Allows pushing or modifying images (not recommended) |
| Delete (optional) | repository:delete | Allows deleting repositories or tags (not recommended) |
Recommended Scope: repository:read
Creating Users / Access Tokens
Step 1: Generate a Personal Access Token
- Log in to Docker Hub: https://hub.docker.com/
- Click on your profile avatar → Account Settings → Security → Access Tokens.
- Click New Access Token.
- Provide a name for the token (e.g.,
DockerHubIntegrationToken). - Under Access permissions, choose:
- Read-only (recommended for most integrations).
- Click Generate.
- Copy and securely store the access token — it will only be displayed once.
Test Connectivity
You can test the credentials using curl or any REST API client:
# Authenticate to Docker Hub
curl -X POST https://hub.docker.com/v2/users/login/ \
-H "Content-Type: application/json" \
-d '{"username": "<USERNAME>", "password": "<ACCESS_TOKEN>"}'
# List repositories for the user
curl -H "Authorization: JWT <TOKEN>" https://hub.docker.com/v2/repositories/<USERNAME>/
# List tags in a repository
curl -H "Authorization: JWT <TOKEN>" https://hub.docker.com/v2/repositories/<USERNAME>/<REPO_NAME>/tags/
If you receive valid JSON responses (repository or tag data), your integration credentials and permissions are configured correctly.
Save the Results in the Platform and Create Connection
- In your platform's connector configuration, securely store:
DOCKERHUB_USERNAMEDOCKERHUB_ACCESS_TOKEN
- Create a new connection labeled Docker Hub Integration.
- Test the connection by listing repositories or image tags to confirm connectivity.
Best Practices
- Use Access Tokens instead of passwords for all integrations.
- Assign only read-only permissions unless push/write access is required.
- Store your credentials securely using an encrypted vault or secret manager.
- Rotate Access Tokens periodically to enhance security.
- If your platform supports multiple users, allow each to connect with their own Docker Hub token for isolation.
- Cache repository metadata and tags locally to reduce rate-limit impact from the Docker Hub API.
- Respect Docker Hub's rate limits — unauthenticated requests are heavily throttled.
- Use organization-level tokens (if applicable) for enterprise integrations requiring access to multiple team repositories.