Authorization

Docker Hub
Prerequisites
To connect Nexla to Docker Hub, you will need a Docker Hub account and a Personal Access Token (PAT). Docker Hub PATs provide a secure, password-free method of authenticating API requests. They can be granted specific access scopes and revoked independently of your account password, making them well-suited for automated integrations.
Create a Docker Hub Personal Access Token
To generate a Personal Access Token for use with Nexla:
- Sign in to Docker Hub with your Docker account credentials.
- Select your avatar or username in the top-right corner of the page to open the account menu.
- Select Account settings from the drop-down menu.
- In the left navigation, select Personal access tokens under the Security section.
- Click the Generate new token button.
- Enter a descriptive label in the Access Token Description field to identify the token's purpose (for example, Nexla Integration).
- Set the appropriate access permissions for the token:
  - Read — Allows reading repository data, tags, and organization information.
  - Read & Write — Allows reading data and writing to repositories, including creating repositories and managing team members.
  - Read, Write & Delete — Allows full access including delete operations on repositories, tokens, and organization resources.
Select the minimum permission scope required for your Nexla integration. If you are only using Docker Hub as a data source to read repository, tag, audit log, and organization data, the Read scope is sufficient. If you plan to use Docker Hub as a destination (for example, to create repositories or manage team membership), select Read & Write or Read, Write & Delete as appropriate.
- Click Generate to create the token.
Copy the generated token immediately and store it securely. Docker Hub displays the token value only once—it cannot be retrieved after you leave this screen. Treat the token like a password and store it in a secure credential manager.
- Note your Docker Hub username, which will also be required when creating the Nexla credential.
For additional details on managing Personal Access Tokens, refer to the Docker Hub Personal Access Tokens documentation.
Create a Docker Hub Credential
- To create a new Docker Hub credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
Credential Name & Description
- Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.
Docker Hub Personal Access Token
Docker Hub uses a token-based authentication flow. Nexla sends your username and Personal Access Token to the Docker Hub authentication endpoint (/v2/auth/token) to obtain a short-lived bearer JWT, which is then used to authorize all subsequent API requests on your behalf.
- Enter your Docker Hub username in the Username field. This is the username associated with your Docker Hub account (the same one you use to log in to hub.docker.com).
- Enter the Personal Access Token you generated in the Personal Access Token field. This token is sent as the secret field to the Docker Hub authentication endpoint and must have the scopes required for your intended use.
The Personal Access Token field is treated as a secure/masked field. Ensure you paste the complete token value exactly as copied from Docker Hub.
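The exchange described above, as an added example that is not Nexla's or Docker's own code: it builds the request that trades a username and PAT for a bearer JWT, then reads the token's expiry so you can confirm how short-lived it is. The host `hub.docker.com`, the `identifier` request field, the `access_token` response field, and the environment variable names are assumptions not stated on this page; the sample JWT is constructed.

```python
import base64, json, os, time, urllib.request

# Host is an assumption; this page names only the path /v2/auth/token.
AUTH_URL = "https://hub.docker.com/v2/auth/token"

def build_auth_request(username, pat):
    """Build the POST that trades username + PAT for a bearer JWT."""
    # "identifier" is an assumed field name; the page documents only "secret".
    body = json.dumps({"identifier": username, "secret": pat}).encode()
    return urllib.request.Request(
        AUTH_URL, data=body, method="POST",
        headers={"Content-Type": "application/json"})

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def seconds_remaining(token, now=None):
    """Seconds left before the bearer token expires and must be re-requested."""
    exp = jwt_claims(token).get("exp")
    if exp is None:
        raise ValueError("token has no exp claim")
    return int(exp - (time.time() if now is None else now))

def _b64(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token (not a real Docker Hub JWT) so the block runs offline.
SAMPLE_JWT = ".".join([_b64({"alg": "none"}),
                       _b64({"sub": "example-user", "exp": 1700000600}),
                       "sig"])

if __name__ == "__main__":
    print("sample lifetime:", seconds_remaining(SAMPLE_JWT, now=1700000000), "s")
    # Credentials come from the environment (hypothetical names), never the source.
    user = os.environ.get("DOCKERHUB_USER")
    pat = os.environ.get("DOCKERHUB_PAT")
    if user and pat:
        req = build_auth_request(user, pat)
        with urllib.request.urlopen(req, timeout=10) as resp:
            token = json.load(resp)["access_token"]  # assumed response field
        print("live lifetime:", seconds_remaining(token), "s")
```

An HTTP 401 from the live call means the username or PAT is wrong or revoked; the decoded claims are for inspection only and are not a substitute for signature verification.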
Save the Credential
- Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.
- The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.