Docker Registry Login with 2FA

Sorry if this is a stupid question… I want to login to the container registry with

docker login registry.gitlab.com -u <username> -p <password>

This doesn’t work with my gitlab.com username and password, presumably because I’m using 2FA, and I get the error

Error response from daemon: Get https://registry.gitlab.com/v2/: unauthorized: HTTP Basic: Access denied

My question is, what should I be using to log in? Do I need to create a personal access token? And if so, what scopes should I grant it?

2 Likes

I had the same problem. You need to get a personal access token and you need to add it to the registry url via the “private_token” parameter. Like this:

docker login registry.gitlab.com?private_token=<personal-access-token>

If you have a url with a different port on your url (as I did) you moreover need to put the port, say 5555, after the parameter:

docker login registry.gitlab.com?private_token=<personal-access-token>:5555

You still have to pass username and password or type it in yourself.

Unfortunately, I still couldn’t get the “docker push” to work, even after login, so I am not sure this is right.

yeah. it’s not right… it’s for reading only. According to personal tokens read_registry
Grants read-only access to container registry images on private projects.

If you want to write (push):
use something like this in your .gitlab-ci.yml

before_script:
  - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN gitlab.example.com:5555

build:
  stage: build
  script:
    - docker build --pull -t $TEST_IMAGE .
    - docker push $TEST_IMAGE
1 Like
before_script:
  - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN gitlab.example.com:5555

build:
  stage: build
  script:
    - docker build --pull -t $TEST_IMAGE .
    - docker push $TEST_IMAGE