From 046667c71292727733fd32cb2a8ac15c4bb42e81 Mon Sep 17 00:00:00 2001 From: sheltongraves <148902861+sheltongraves@users.noreply.github.com> Date: Sun, 27 Apr 2025 14:44:46 -0400 Subject: [PATCH 1/6] Update access.md Added Gated Distribution information to docs page. --- .../manuals/docker-hub/repos/manage/access.md | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/content/manuals/docker-hub/repos/manage/access.md b/content/manuals/docker-hub/repos/manage/access.md index 4dbf8f2d88d5..9d7f5ebd2165 100644 --- a/content/manuals/docker-hub/repos/manage/access.md +++ b/content/manuals/docker-hub/repos/manage/access.md 
@@ -132,3 +132,42 @@ To configure team repository permissions: Organizations can use OATs. OATs let you assign fine-grained repository access permissions to tokens. For more details, see [Organization access tokens](/manuals/security/for-admins/access-tokens.md). + +## Gated Distribution + +> **Availability**: Early Access + +Gated distribution allows publishers to securely share private container images with external customers or partners, without giving them full organization access or visibility into your teams, collaborators, or other repositories. + +This feature is ideal for commercial software publishers who want to control who can pull specific images while preserving a clean separation between internal users and external consumers. + +### Key features + +- **Private repository distribution**: Content is stored in private repositories and only accessible to explicitly invited users. + +- **External access without organization membership**: External users don't need to be added to your internal organization to pull images. + +- **Pull-only permissions**: External users receive pull-only access and cannot push or modify repository content. + +- **Invite-only access**: Access is granted through authenticated email invites, managed via API. + +### Invite distributor members via API + +> **Note** +> When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for details about the access permissions for each role. + +Distributor members (used for gated distribution) can only be invited using the Docker Hub API. UI-based invitations are not currently supported for this role. To invite distributor members, use the Bulk create invites API endpoint. + +To invite distributor members: + +1. Use the [Authentication API](https://docs.docker.com/reference/api/hub/latest/#tag/authentication-api/operation/AuthCreateAccessToken) to generate a bearer token for your Docker Hub account. + +2. 
Create a team in the Hub UI or use the [Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/groups/paths/~1v2~1orgs~1%7Borg_name%7D~1groups/post). + +3. Grant repository access to the team: + - In the Hub UI: Navigate to your repository settings and add the team with "Read-only" permissions + - Using the [Repository Teams API](https://docs.docker.com/reference/api/hub/latest/#tag/repositories/paths/~1v2~1repositories~1%7Bnamespace%7D~1%7Brepository%7D~1groups/post): Assign the team to your repositories with "read-only" access level + +4. Use the [Bulk create invites endpoint](https://docs.docker.com/reference/api/hub/latest/#tag/invites/paths/~1v2~1invites~1bulk/post) to send email invites with the distributor member role. In the request body, set the "role" field to "distributor_member". + +5. The invited user will receive an email with a link to accept the invite. After signing in with their Docker ID, they'll be granted pull-only access to the specified private repository as a distributor member. From 4cb64a9e646bb03b4cca621908d6c64addbff868 Mon Sep 17 00:00:00 2001 From: sheltongraves <148902861+sheltongraves@users.noreply.github.com> Date: Tue, 29 Apr 2025 14:29:41 -0400 Subject: [PATCH 2/6] Update content/manuals/docker-hub/repos/manage/access.md Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com> --- content/manuals/docker-hub/repos/manage/access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/docker-hub/repos/manage/access.md b/content/manuals/docker-hub/repos/manage/access.md index 9d7f5ebd2165..df891591df01 100644 --- a/content/manuals/docker-hub/repos/manage/access.md +++ b/content/manuals/docker-hub/repos/manage/access.md 
@@ -153,7 +153,7 @@ This feature is ideal for commercial software publishers who want to control who ### Invite distributor members via API -> **Note** +> [!NOTE] > When you invite members, you assign them a role. See [Roles and permissions](/manuals/security/for-admins/roles-and-permissions.md) for details about the access permissions for each role. Distributor members (used for gated distribution) can only be invited using the Docker Hub API. UI-based invitations are not currently supported for this role. To invite distributor members, use the Bulk create invites API endpoint. From c45b188088180c244a405a13f5beaa689a4b85a0 Mon Sep 17 00:00:00 2001 From: sheltongraves <148902861+sheltongraves@users.noreply.github.com> Date: Tue, 29 Apr 2025 14:29:48 -0400 Subject: [PATCH 3/6] Update content/manuals/docker-hub/repos/manage/access.md Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com> --- content/manuals/docker-hub/repos/manage/access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/docker-hub/repos/manage/access.md b/content/manuals/docker-hub/repos/manage/access.md index df891591df01..272144ea80b2 100644 --- a/content/manuals/docker-hub/repos/manage/access.md +++ b/content/manuals/docker-hub/repos/manage/access.md @@ -135,7 +135,7 @@ tokens](/manuals/security/for-admins/access-tokens.md). ## Gated Distribution -> **Availability**: Early Access +> {{< summary-bar feature_name="Gated distribution" >}} Gated distribution allows publishers to securely share private container images with external customers or partners, without giving them full organization access or visibility into your teams, collaborators, or other repositories. From 0f25bc45de4358df04a70ea511224e1612972877 Mon Sep 17 00:00:00 2001 
From: sheltongraves <148902861+sheltongraves@users.noreply.github.com> Date: Tue, 29 Apr 2025 14:29:53 -0400 Subject: [PATCH 4/6] Update content/manuals/docker-hub/repos/manage/access.md Co-authored-by: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com> --- content/manuals/docker-hub/repos/manage/access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/docker-hub/repos/manage/access.md b/content/manuals/docker-hub/repos/manage/access.md index 272144ea80b2..5ed44d71316c 100644 --- a/content/manuals/docker-hub/repos/manage/access.md +++ b/content/manuals/docker-hub/repos/manage/access.md @@ -133,7 +133,7 @@ Organizations can use OATs. OATs let you assign fine-grained repository access permissions to tokens. For more details, see [Organization access tokens](/manuals/security/for-admins/access-tokens.md). -## Gated Distribution +## Gated distribution > {{< summary-bar feature_name="Gated distribution" >}} From 149a89d04f53584db9a7fbefc0582239b3a6d896 Mon Sep 17 00:00:00 2001 From: Craig Date: Wed, 14 May 2025 10:04:53 -0700 Subject: [PATCH 5/6] update data/summary.yaml Signed-off-by: Craig --- data/summary.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/summary.yaml b/data/summary.yaml index 4fe1f4f08607..b70427838e09 100644 --- a/data/summary.yaml +++ b/data/summary.yaml @@ -166,6 +166,8 @@ Domain audit: Enforce sign-in: subscription: [Business] for: Administrators +Gated distribution: + availability: Early Access General admin: for: Administrators GitHub Actions cache: From 42ede512138382a62c9741d5363d76a051b0480a Mon Sep 17 00:00:00 2001 From: Craig Date: Wed, 14 May 2025 10:10:59 -0700 Subject: [PATCH 6/6] fix suggestion typo Signed-off-by: Craig --- content/manuals/docker-hub/repos/manage/access.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/content/manuals/docker-hub/repos/manage/access.md b/content/manuals/docker-hub/repos/manage/access.md index 5ed44d71316c..0adac4195c49 100644 --- a/content/manuals/docker-hub/repos/manage/access.md +++ b/content/manuals/docker-hub/repos/manage/access.md @@ -135,7 +135,7 @@ tokens](/manuals/security/for-admins/access-tokens.md). ## Gated distribution -> {{< summary-bar feature_name="Gated distribution" >}} +{{< summary-bar feature_name="Gated distribution" >}} Gated distribution allows publishers to securely share private container images with external customers or partners, without giving them full organization access or visibility into your teams, collaborators, or other repositories.
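
Review bot: In PATCH 1/6, step 4 of "Invite distributor members via API" names only the "role" field, so the procedure never says how the invite is tied to the team created in step 2 and granted access in step 3, yet step 5 promises access to "the specified private repository". Name the request-body field that carries the team next to "role", or state that the invite must target that team. The same hunk uses "pull-only" under Key features and both "Read-only" and "read-only" in step 3 for what reads as one permission; pick one term and casing and say how the two relate. The sentence "To invite distributor members, use the Bulk create invites API endpoint." is repeated straight away by the lead-in "To invite distributor members:" and by step 4, so one of them can go. The section covers only granting access; a closing sentence on how to remove a distributor member would complete it.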
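
Review bot: In PATCH 3/6, the replacement line keeps the leading ">" from the old availability callout, so the shortcode lands inside a blockquote (`> {{< summary-bar feature_name="Gated distribution" >}}`); PATCH 6/6 exists only to remove it. The "Gated distribution" entry that this feature_name matches is not added to data/summary.yaml until PATCH 5/6. Squash 3/6, 5/6 and 6/6 so that no intermediate commit carries the stray ">" or references a feature name with no data entry.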
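
Review bot: In PATCH 5/6, the new "Gated distribution:" entry in data/summary.yaml sets only "availability: Early Access", while the neighboring entries in the context lines carry "for: Administrators" and, for "Enforce sign-in", "subscription: [Business]". The procedure added to access.md has the reader create teams and send bulk invites for an organization, so a "for:" line looks warranted here; add it, and add a "subscription:" line as well if the feature is limited to particular plans.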