Home Explore Blog CI



docker
1st chunk of `content/manuals/security/for-developers/access-tokens.md`
155801c1ae572dac3a3302f5cbceee9fcecace68d3753ffd0000000100000940
---
title: Create and manage access tokens
linkTitle: Access tokens
description: Learn how to create and manage your personal Docker access tokens
  to securely push and pull images programmatically.
keywords: docker hub, hub, security, PAT, personal access token
aliases:
- /docker-hub/access-tokens/
---

You can create a personal access token (PAT) to use as an alternative to your password for Docker CLI authentication.

Compared to passwords, PATs provide the following advantages:

- You can investigate when the PAT was last used and then disable or delete it if you find any suspicious activity.
- When using an access token, you can't perform any administrative activity on the account, including changing the password. It protects your account if your computer is compromised.
- Access tokens are valuable for building integrations, as you can issue multiple tokens, one for each integration, and revoke them at
any time.

## Create an access token

> [!IMPORTANT]
>
> Treat access tokens like your password and keep them secret. Store your tokens securely in a credential manager for example.

Use the Docker Admin Console to create an access token.

1. Sign in to your [Docker account](https://app.docker.com/login).

2. Select your avatar in the top-right corner and from the drop-down menu select **Account settings**.

3. Select **Personal access tokens**.

4. Select **Generate new token**.

5. Add a description for your token. Use something that indicates the use case or purpose of the token.

6. Select the expiration date for the token.

7. Set the access permissions.
   The access permissions are scopes that set restrictions in your
   repositories. For example, for Read & Write permissions, an automation
   pipeline can build an image and then push it to a repository. However, it
   can't delete the repository.

8. Select **Generate** and then copy the token that appears on the screen and save it. You won't be able to retrieve the token once you close this prompt.

## Use an access token

You can use an access token in place of your password when you sign in using Docker CLI.

Sign in from your Docker CLI client with the following command, replacing `YOUR_USERNAME` with your Docker ID:

```console
$ docker login --username <YOUR_USERNAME>
```

When prompted for a password, enter your personal access token instead of a password.
Title: Creating and Using Docker Access Tokens
Summary
This section explains how to create and use personal access tokens (PATs) for Docker CLI authentication, providing a more secure alternative to using passwords. PATs offer advantages such as the ability to monitor usage, restrict administrative access, and create specific tokens for different integrations. The guide outlines the steps to generate a new token via the Docker Admin Console, set its permissions and expiration date, and then use it in place of a password when logging in through the Docker CLI.