docsCreated with Sketch.

Sign in to Docker Desktop

Docker recommends that you authenticate using the Sign in option in the top-right corner of the Docker Dashboard.

Once signed in, you can access your Docker Hub repositories directly from Docker Desktop.

Authenticated users also get a higher pull rate limit compared to anonymous users. For example, if you are authenticated, you get 200 pulls per 6 hour period, compared to 100 pulls per 6 hour period per IP address for anonymous users. For more information, see Download rate limit.

In large enterprises where admin access is restricted, administrators can Configure registry.json to enforce sign-in. Enforcing developers to authenticate through Docker Desktop also allows administrators to improve their organization’s security posture for containerized development by taking advantage of Hardened Desktop.

Note

Docker Desktop automatically signs you out after 90 days, or after 30 days of inactivity.

Credentials management for Linux users

Docker Desktop relies on passopen_in_new to store credentials in gpg2-encrypted files. Before signing in to Docker Hub from the Docker Dashboard or the Docker menu, you must initialize pass. Docker Desktop displays a warning if you've not initialized pass.

You can initialize pass by using a gpg key. To generate a gpg key, run:

$ gpg --generate-key

The following is an example similar to what you see once you run the previous command:

...
GnuPG needs to construct a user ID to identify your key.

Real name: Molly
Email address: molly@example.com
You selected this USER-ID:
   "Molly <molly@example.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
...
pubrsa3072 2022-03-31 [SC] [expires: 2024-03-30]
 <generated gpg-id public key>
uid          Molly <molly@example.com>
subrsa3072  2022-03-31 [E] [expires: 2024-03-30]

To initialize pass, run the following command using the public key generated from the previous command:

$ pass init <your_generated_gpg-id_public_key>

The following is an example similar to what you see once you run the previous command:

mkdir: created directory '/home/molly/.password-store/'
Password store initialized for <generated_gpg-id_public_key>

Once you initialize pass, you can sign in on the Docker Dashboard and pull your private images. When Docker CLI or Docker Desktop use credentials, a user prompt may pop up for the password you set during the gpg key generation.

$ docker pull molly/privateimage
Using default tag: latest
latest: Pulling from molly/privateimage
3b9cc81c3203: Pull complete 
Digest: sha256:3c6b73ce467f04d4897d7a7439782721fd28ec9bf62ea2ad9e81a5fb7fb3ff96
Status: Downloaded newer image for molly/privateimage:latest
docker.io/molly/privateimage:latest

What's next?