Docker Registry Login with 2FA

alexthorne · March 6, 2017, 9:54am

Sorry if this is a stupid question… I want to login to the container registry with

docker login registry.gitlab.com -u <username> -p <password>

This doesn’t work with my gitlab.com username and password, presumably because I’m using 2FA, and I get the error

Error response from daemon: Get https://registry.gitlab.com/v2/: unauthorized: HTTP Basic: Access denied

My question is, what should I be using to log in? Do I need to create a personal access token? And if so, what scopes should I grant it?

Marc · September 3, 2018, 1:11pm

I had the same problem. You need to get a personal access token and you need to add it to the registry url via the “private_token” parameter. Like this:

docker login registry.gitlab.com?private_token=<personal-access-token>

If you have a url with a different port on your url (as I did) you moreover need to put the port, say 5555, after the parameter:

docker login registry.gitlab.com?private_token=<personal-access-token>:5555

You still have to pass username and password or type it in yourself.

Unfortunately, I still couldn’t get the “docker push” to work, even after login, so I am not sure this is right.

jimisan · October 11, 2018, 7:58pm

yeah. it’s not right… it’s for reading only. According to personal tokens read_registry
Grants read-only access to container registry images on private projects.

If you want to write (push):
use something like this in your .gitlab-ci.yml

before_script:
  - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN gitlab.example.com:5555

build:
  stage: build
  script:
    - docker build --pull -t $TEST_IMAGE .
    - docker push $TEST_IMAGE

jimisan · October 11, 2018, 8:30pm

before_script:
  - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN gitlab.example.com:5555

build:
  stage: build
  script:
    - docker build --pull -t $TEST_IMAGE .
    - docker push $TEST_IMAGE

BenDavidAaron · November 9, 2021, 7:16pm

Found this while trying to login with 2FA enabled, and had a devil of a time figuring out how gitlab wanted me to present credentials. Eventually I had to login using this presentation:

docker login -u $PERSONAL_ACCESS_TOKEN_NAME -p $PERSONAL_ACCESS_TOKEN_KEY registry.gitlab.com

Topic		Replies	Views
Registry login does not work with token or $CI_REGISTRY_USER and $CI_REGISTRY_PASSWORD, but with regular user GitLab CI/CD docker , registry	0	2016	September 5, 2023
While pushing docker container i am getting denied access forbidden General	2	9767	April 27, 2023
What an account or token can push into Docker registry? GitLab CI/CD	1	1659	April 1, 2022
Personal Access Token (Jenkins + Gitlab) General	0	33	December 5, 2024
Docker registry - authorization token requiered How to Use GitLab	1	4582	May 30, 2017

Docker Registry Login with 2FA

Related topics