From 2ac5e6a85686d488aca6a4106b22b183239dd9f9 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Thu, 1 May 2025 08:45:34 -0400 Subject: [PATCH 01/30] add settings reference --- .../settings-management/_index.md | 49 +- .../settings-management/settings-reference.md | 1672 +++++++++++++++++ 2 files changed, 1692 insertions(+), 29 deletions(-) create mode 100644 content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md index 48fc13100a01..bf3996fa33ce 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md @@ -12,48 +12,39 @@ weight: 10 {{< summary-bar feature_name="Hardened Docker Desktop" >}} -Settings Management helps you control key Docker Desktop settings, like proxies and network configurations, on your developers' machines within your organization. +Settings Management helps you control key Docker Desktop settings, like proxies +and network configurations, on your developers' machines within your +organization. -For an extra layer of security, you can also use Settings Management to enable and lock in [Enhanced Container Isolation](../enhanced-container-isolation/_index.md), which prevents containers from modifying any Settings Management configurations. +For an extra layer of security, you can also use Settings Management to enable +and lock in [Enhanced Container Isolation](../enhanced-container-isolation/_index.md), +which prevents containers from modifying any Settings Management configurations. ## Who is it for? -- For organizations that want to configure Docker Desktop to be within their organization's centralized control. -- For organizations that want to create a standardized Docker Desktop environment at scale. -- For Docker Business customers who want to confidently manage their use of Docker Desktop within tightly regulated environments. +- For organizations that want centralized control over Docker Desktop. +- For organizations that want to create a standardized Docker Desktop +environment at scale. +- For Docker Business customers who want to confidently manage their use of +Docker Desktop within tightly regulated environments. ## How does it work? -You can configure several Docker Desktop settings using either: +With Settings Management, you can configure Docker Desktop settings using: - - An `admin-settings.json` file. This file is located on the Docker Desktop host and can only be accessed by developers with root or administrator privileges. + - An `admin-settings.json` file. This file is located on the Docker Desktop + host and can only be accessed by developers with root or administrator + privileges. - Creating a settings policy in the Docker Admin Console. -Settings that are defined by an administrator override any previous values set by developers and ensure that these cannot be modified. +Settings that are defined by an administrator override any previous values set +by developers and ensure that these cannot be modified. ## What features can I configure with Settings Management? -Using the `admin-settings.json` file, you can: - -- Turn on and lock in [Enhanced Container Isolation](../enhanced-container-isolation/_index.md) -- Configure HTTP proxies -- Configure network settings -- Configure Kubernetes settings -- Enforce the use of WSL 2 based engine or Hyper-V -- Enforce the use of Rosetta for x86_64/amd64 emulation on Apple Silicon -- Configure Docker Engine -- Turn off Docker Desktop's ability to checks for updates -- Turn off Docker Extensions -- Turn off Docker Scout SBOM indexing -- Turn off beta and experimental features -- Turn off Docker AI ([Ask Gordon](/manuals/ai/gordon/_index.md)) -- Turn off Docker Desktop's onboarding survey -- Control whether developers can use the Docker terminal -- Control the file sharing implementation for your developers on macOS -- Specify which paths your developers can add file shares to -- Configure Air-gapped containers - -For more details on the syntax and options, see [Configure Settings Management](configure-json-file.md). +You can configure a wide range of features, from proxies and Kubernetes settings +to Enhanced Container isolation. For more information, view the [full list of +configurable settings](). ## How do I set up and enforce Settings Management? diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md new file mode 100644 index 000000000000..ba0499ddd831 --- /dev/null +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md @@ -0,0 +1,1672 @@ +--- +description: Reference for all settings and features that are configured with Settings Management +keywords: admin, controls, settings management, reference +title: Settings reference +linkTitle: Settings reference +--- + +This reference lists all Docker Desktop settings, including where they live, +which operating systems they apply to, and whether they're configurable via the +Docker Admin Console or the `admin-settings.json` file. + +Each setting includes: + +- Name +- Description +- OS compatibility +- The default value when a user first downloads Docker Desktop +- Accepted values +- Format of accepted values +- Use cases +- Details of how to configure the setting, either with [Docker Desktop](/manuals/desktop/settings-and-maintenance/settings.md) or +Settings Management (either Admin Console or `admin-settings.json` file) + +For details on the format and usage of the `admin-settings.json` file, see +[Configure Settings Management with a JSON file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md). + +## `AcceptCanaryUpdates` + +- **Description:** Opt in to early access of Docker Desktop updates. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable early access to test new releases before general +availability. +- **Configure this setting with:** + - `settings-store.json` or `settings.json` files + +## `ActiveOrganizationName` + +- **Description:** Stores the active organization name for Docker Business +accounts +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** String +- **Format:** String +- **Use case:** Manage organization-specific Docker settings. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `AllowBetaFeatures` +- **Description:** Allow access to Beta features in Docker Desktop. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable early features for testing upcoming functionality. +- **Configure this setting with:** + - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `allowBetaFeatures` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Access beta features** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `AllowExperimentalFeatures` + +- **Description:** Allow access to Experimental features in Docker Desktop. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable experimental features. +- **Configure this setting with:** + - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `allowExperimentalFeatures` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Access experimental features** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `AnalyticsEnabled` + +- **Description:** Send usage statistics and crash reports to Docker. If set to +`false`, Docker Desktop doesn't send usage statistics to Docker. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable analytics to help Docker improve the product based on +usage data. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `analyticsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Send usage statistics** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `AutoDownloadUpdates` + +- **Description:** Automatically download Docker Desktop updates when available. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Manage auto update behavior. +- **Configure this setting with:** + - Software updates settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `AutoPauseTimedActivitySeconds` + +- **Description:** Number of seconds before Docker Desktop auto-pauses due to +inactivity. +- **OS compatibility:** All +- **Default value:** `30` +- **Accepted values:** Integer (seconds) +- **Format:** Integer +- **Use case:** Save system resources during periods of inactivity. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `AutoPauseTimeoutSeconds` + +- **Description:** Maximum idle time allowed before Docker Desktop pauses. +- **OS compatibility:** All +- **Default value:** `300` +- **Accepted values:** Integer (seconds) +- **Format:** Integer +- **Use case:** Manage Docker Desktop pause behavior during long idle periods. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `AutoStart` + +- **Description:** Start Docker Desktop automatically when booting machine. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Ensure Docker Desktop is always running after boot. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `BackupData` + +- **Description:** Enable or disable backup of Docker Desktop application data. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Manage persistence of application data. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `BlockDockerLoad` + +- **Description:** Block the `docker load` command to prevent loading local images. +If the value is set to `true`, users are no longer able to run `docker load` +and receive an error if they try to. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Harden security by restricting local image loading. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `blockDockerLoad` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Block Docker load** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ContainerTerminal` + +- **Description:** Select default terminal for launching Docker CLI from Docker +Desktop. +- **OS compatibility:** All +- **Default value:** `integrated` +- **Accepted values:** `integrated`, `system` +- **Format:** String +- **Use case:** Customize developer experience with preferred terminal. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ContainersOverrideProxyExclude` + +- **Description:** Configure addresses that containers should bypass from proxy +settings. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** List of addresses +- **Format:** String +- **Use case:** Fine-tune proxy exceptions for container networking. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ContainersOverrideProxyHTTP` + +- **Description:** HTTP proxy setting for container networking. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** URL string +- **Format:** String +- **Use case:** Set up container traffic to use a custom HTTP proxy. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ContainersOverrideProxyHTTPS` + +- **Description:** HTTPS proxy setting for container networking. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** URL string +- **Format:** String +- **Use case:** Set up container traffic to use a custom HTTPS proxy. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ContainersOverrideProxyPAC` + +- **Description:** PAC (Proxy Auto-config) URL for container networking. +- **OS compatibility:** Windows +- **Default value:** `""` +- **Accepted values:** URL string +- **Format:** String +- **Use case:** Automatically configure container proxy routing via PAC file. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: **PAC** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ContainersOverrideProxyTCP` + +- **Description:** TCP proxy setting for container networking. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** String +- **Format:** String +- **Use case:** Configure advanced TCP proxy for containers. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ContainersOverrideProxyTransparentPorts` + +- **Description:** List of ports to bypass transparent proxying in containers. +- **OS compatibility:** All +- **Default value:** `80,443` +- **Accepted values:** List of ports +- **Format:** String +- **Use case:** Exclude specific ports from transparent proxy behavior. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: **Transparent ports** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ContainersProxyHTTPMode` + +- **Description:** Creates air-gapped containers. For more information, see +[Air-Gapped Containers](/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md). +- **OS compatibility:** All +- **Default value:** `system` +- **Accepted values:** `manual`, `system` +- **Format:** String +- **Use case:** Fine-tune container proxy behavior. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `containersProxy` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Proxy mode** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `Cpus` + +- **Description:** Number of CPUs assigned to the Docker Desktop virtual machine. +- **OS compatibility:** All +- **Default value:** The number of logical CPU cores available on the host system. +- **Accepted values:** Integer +- **Format:** Integer +- **Use case:** Resource allocation control. +- **Configure this setting with:** + - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `CredentialHelper` + +- **Description:** Credential storage helper to use for `docker login`. +- **OS compatibility:** macOS +- **Default value:** `desktop` +- **Accepted values:** String +- **Format:** String +- **Use case:** Manage secure storage of Docker credentials. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `CustomWslDistroDir` + +- **Description:** Custom path for WSL2 distributions managed by Docker. +- **OS compatibility:** Windows + WSL +- **Default value:** `%USERPROFILE%\AppData\Local\Docker\wsl\distro` +- **Accepted values:** File path +- **Format:** String +- **Use case:** Control where Docker stores WSL2 distributions. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DataFolder` + +- **Description:** Path where Docker Desktop stores virtual machine data. +- **OS compatibility:** All +- **Default value:** + - macOS: `~/Library/Containers/com.docker.docker/Data/vms/0` + - Windows: `%USERPROFILE%\AppData\Local\Docker\wsl\data` +- **Accepted values:** File path +- **Format:** String +- **Use case:** Redirect Docker data to a custom location. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DefaultSnapshotter` + +- **Description:** Set the default container snapshotter. +- **OS compatibility:** All +- **Default value:** `overlayfs` +- **Accepted values:** String +- **Format:** String +- **Use case:** Control storage backend for container layers. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DeprecatedCgroupv1` + +- **Description:** Enable cgroup v1 support if needed for compatibility. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Maintain compatibility with legacy software. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DesktopTerminalEnabled` + +- **Description:** Enable access to the Docker Desktop integrated terminal. If +the value is set to `false`, users can't use the Docker terminal to interact +with the host machine and execute commands directly from Docker Desktop. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Allow or restrict developer access to the built-in terminal. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `desktopTerminalEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +## `DefaultNetworkingMode` + +- **Description:** Set the default networking mode for containers. +- **OS compatibility:** All +- **Default value:** `ipv4only` +- **Accepted values:** `ipv4only`, `ipv6only`, `dual-stack` +- **Format:** Enum +- **Use case:** Specify a custom container network mode. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DevEnvironmentsEnabled` + +- **Description:** Enable the Docker Dev Environments feature. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Control access to experimental development workflows. +- **Configure this setting with:** + - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DisableHardwareAcceleration` + +- **Description:** Disable hardware (GPU) acceleration support. +- **OS compatibility:** Windows +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Work around graphics driver issues or run in VMs. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DisableUpdate` + +- **Description:** Disable automatic update polling for Docker Desktop. If the +value is set to `true`, checking for updates and notifications about Docker +Desktop updates are disabled. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Freeze the current version in enterprise environments. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `disableUpdate` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Disable update** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `DiskFlush` + +- **Description:** Control when data flushing occurs for the VM disk. +- **OS compatibility:** All +- **Default value:** `os` +- **Accepted values:** String +- **Format:** String +- **Use case:** Tune disk performance versus safety. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DiskSizeMiB` + +- **Description:** Maximum disk size (in MiB) allocated for Docker Desktop. +- **OS compatibility:** All +- **Default value:** Default disk size of machine. +- **Accepted values:** Integer +- **Format:** Integer +- **Use case:** Constrain Docker's virtual disk size for storage management. +- **Configure this setting with:** + - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DiskStats` + +- **Description:** Disk usage statistics. +- **OS compatibility:** macOS +- **Default value:** `""` +- **Accepted values:** String +- **Format:** String +- **Use case:** Monitor or debug disk usage performance on Unix-based systems. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DiskTRIM` + +- **Description:** Enable TRIM operation support to reclaim unused disk space. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Optimize disk usage over time. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DisplayRestartDialog` + +- **Description:** Show a restart notification when settings changes require a +restart. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Provide user feedback about restart requirements. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DisplaySwitchWinLinContainers` + +- **Description:** Allow users to switch between Linux and Windows containers. +- **OS compatibility:** Windows +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Flexibility in development environments. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `Displayed18362Deprecation` + +- **Description:** Show the deprecation warning for Windows build 18362. +- **OS compatibility:** Windows +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Prevent showing the same Windows version deprecation warning +multiple times. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DisplayedElectronPopup` + +- **Description:** Show Electron (tips, alerts, announcements) pop-ups for users. +- **OS compatibility:** All +- **Default value:** `[]` +- **Accepted values:** List of strings +- **Format:** Array with list of strings +- **Use case:** Prevents Docker Desktop from repeatedly showing the same popup +messages. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DisplayedOnboarding` + +- **Description:** Display the onboarding survey for Docker Desktop. If the +value is set to `true`, the onboarding survey will not be displayed to new +users. Settings the value to `false` has no effecct. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Prevents Docker Desktop from repeatedly showing onboarding. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `displayedOnboarding` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Hide onboarding survey** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `DockerAppLaunchPath` + +- **Description:** Path to the Docker Desktop application executable on macOS. +- **OS compatibility:** macOS +- **Default value:** `/Applications/Docker.app` +- **Accepted values:** File path +- **Format:** String +- **Use case:** Custom install management or scripting. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DockerBinInstallPath` + +- **Description:** Install location for Docker CLI binaries. +- **OS compatibility:** All +- **Default value:** `system` +- **Accepted values:** File path +- **Format:** String +- **Use case:** Customize CLI install location for compliance or tooling. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `DockerDebugDefaultEnabled` + +- **Description:** Enable debug logging by default for Docker CLI commands. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Assist with debugging support issues. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ECIDockerSocketAllowDerivedImages` + +- **Description:** Allow Enhanced Container Isolation (ECI) to use derived images. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Permit use of base images with layered builds in ECI mode. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: **Allow derived images** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ECIDockerSocketCmdList` + +- **Description:** Restricts the commands that containers can issue via the +bind-mounted Docker Engine socket. +- **OS compatibility:** All +- **Default value:** `[]` +- **Accepted values:** List of strings +- **Format:** Array with list of strings +- **Use case:** Fine-tune developer CLI access in hardened environments. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `commandList` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Command list** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ECIDockerSocketCmdListType` + +- **Description:** Whether the ECI command list is an allow-list or deny-list. +- **OS compatibility:** All +- **Default value:** `deny` +- **Accepted values:** `allow`, `deny` +- **Format:** String +- **Use case:** Determine behavior of `ECIDockerSocketCmdList`. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ECIDockerSocketImgList` + +- **Description:** Indicates which container images are allowed to bind-mount +the Docker Engine socket. +- **OS compatibility:** All +- **Default value:** `[]` +- **Accepted values:** List of strings +- **Format:** Array list of strings +- **Use case:** Restrict containers to a known set of images. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `imageList` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Manageament: **Image list** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `EnableDefaultDockerSocket` + +- **Description:** By default, enhanced container isolation blocks bind-mounting +the Docker Engine socket into containers +(e.g., `docker run -v /var/run/docker.sock:/var/run/docker.sock ...`). This lets +you relax this in a controlled way. See ECI Configuration for more info. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Allow containers to access the Docker socket for scenarios like +Docker-in-Docker or containerized CI agents. +- **Configure this setting with:** + - Advanced settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `dockerSocketMount` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +## `EnableDockerAI` + +- **Description:** Enable Docker AI features in the Docker Desktop experience. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable or disable AI features like "Ask Gordon". +- **Configure this setting with:** + - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +## `EnableIntegrationWithDefaultWslDistro` + +- **Description:** Automatically integrate Docker with the default WSL +distribution. +- **OS compatibility:** Windows + WSL +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Ensure Docker integrates with default WSL distro automatically. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `EnableIntegrityCheck` + +- **Description:** Perform integrity checks on Docker Desktop binaries. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enforce binary verification for security. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `EnableSegmentDebug` + +- **Description:** Enable debug logging for Docker Desktop’s Segment analytics +events. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Troubleshoot or inspect analytics event delivery during +development or support sessions. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `EnableWasmShims` + +- **Description:** Enable WebAssembly (Wasm) shims to run Wasm containers. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Run Wasm workloads in Docker Desktop. +- **Configure this setting with:** + - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `EnhancedContainerIsolation` + +- **Description:** Enable Enhanced Container Isolation for secure container +execution. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Prevent containers from modifying configuration or sensitive +host areas. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `enhancedContainerIsolation` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Enable enhanced container isolation** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ExposeDockerAPIOnTCP2375` + +- **Description:** Expose the Docker API over TCP on a specified port. If value +is set to `true`, the Docker API is exposed on port 2375. This port is +unauthenticated and should only be enabled if protected by suitable firewall +rules. +- **OS compatibility:** Windows +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Allow non-TLS API access for development/testing. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `exposeDockerAPIOnTCP2375` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Expose Docker API** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ExtensionsEnabled` + +- **Description:** Enable or disable Docker Extensions. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Control access to the Extensions Marketplace and installed +extensions. +- **Configure this setting with:** + - Extensions settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `extensionsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Allow Extensions** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ExtensionsPrivateMarketplace` + +- **Description:** Enable a private marketplace for Docker Extensions. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Restrict extension installation to curated extensions. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ExtensionsPrivateMarketplaceAdminContactURL` + +- **Description:** Set a contact URL for admins on the private extensions +marketplace page. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** URL string +- **Format:** String +- **Use case:** Help users contact support if they can’t find an extension. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `FilesharingDirectories` + +- **Description:** List of allowed directories shared between the host and +containers. When a path is added, its subdirectories are allowed. +- **OS compatibility:** All +- **Default value:** Varies by OS (typically includes user and temp directories) +- **Accepted values:** List of file paths as strings. This setting also accepts +`$HOME`, `$TMP`, or `$TEMP` as path variables. +- **Format:** Array list of strings +- **Use case:** Restrict or define what file paths are available to containers. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `filesharingAllowedDirectories` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Allowed file sharing directories** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `HostNetworkingEnabled` + +- **Description:** Enable experimental host networking support. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Allow containers to use the host network stack. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `KubernetesEnabled` + +- **Description:** Enable the integrated Kubernetes cluster in Docker Desktop. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable or disable Kubernetes support for developers. +- **Configure this setting with:** + - Kubernetes settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `kubernetes` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Allow Kubernetes** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `KubernetesImagesRepository` + +- **Description:** Set a custom repository for Kubernetes images. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** URL string +- **Format:** String +- **Use case:** Support Kubernetes use in restricted or offline environments. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `imagesRepository` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Kubernetes images repository** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `KubernetesMode` + +- **Description:** Set the Kubernetes node mode (single-node or multi-node). +- **OS compatibility:** All +- **Default value:** `kubeadm` +- **Accepted values:** String +- **Format:** String +- **Use case:** Control the topology of the integrated Kubernetes cluster. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `KubernetesNodesCount` + +- **Description:** Number of nodes to create in a multi-node Kubernetes cluster. +- **OS compatibility:** All +- **Default value:** `1` +- **Accepted values:** Integer +- **Format:** Integer +- **Use case:** Scale the number of Kubernetes nodes for development or testing. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `KubernetesNodesVersion` + +- **Description:** Version of Kubernetes used for cluster node creation. +- **OS compatibility:** All +- **Default value:** `1.31.1` +- **Accepted values:** Semantic version (e.g., `1.29.1`) +- **Format:** String +- **Use case:** Pin a specific Kubernetes version for consistency or +compatibility. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `LastLoginDate` + +- **Description:** Timestamp of last successful Docker Desktop login. +- **OS compatibility:** All +- **Default value:** `0` +- **Accepted values:** `int64` values +- **Format:** Integer in `int64` format +- **Use case:** Display usage activity. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `LatestBannerKey` + +- **Description:** Tracks the most recently shown in-app banner. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** String +- **Format:** String +- **Use case:** Prevent repeated display of the same banner across sessions. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `LicenseTermsVersion` + +- **Description:** Version of Docker Desktop license terms accepted by the user. +- **OS compatibility:** All +- **Default value:** `0` +- **Accepted values:** Integer +- **Format:** Integer +- **Use case:** Audit license terms agreement. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `LifecycleTimeoutSeconds` + +- **Description:** Number of seconds Docker Desktop waits for the Docker Engine +to start before timing out. +- **OS compatibility**: All +- **Default value:** `600` +- **Accepted values:** Integer (seconds) +- **Format:** Integer +- **Use case:** Extend or reduce the timeout window for environments where the +engine may start slowly. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `MemoryMiB` + +- **Description:** Amount of RAM (in MiB) assigned to the Docker virtual machine. +- **OS compatibility:** All +- **Default value:** Based on system resources +- **Accepted values:** Integer +- **Format:** Integer +- **Use case:** Control how much memory Docker can use on the host. +- **Configure this setting with:** + - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `OnlyMarketplaceExtensions` + +- **Description:** Restrict Docker Desktop to only run Marketplace extensions. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Prevent running third-party or local extensions. +- **Configure this setting with:** + - Extensions settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `OpenUIOnStartupDisabled` + +- **Description:** Prevent the Docker Desktop UI from opening automatically at +startup. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Streamline startup experience. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `OverrideProxyExclude` + +- **Description:** Comma-separated list of domain patterns that should bypass +the proxy. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** String +- **Format:** String +- **Use case:** Exclude internal services or domains from being routed through +the proxy. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `OverrideProxyHTTP` + +- **Description:** Override the default HTTP proxy used by Docker Desktop and +its containers. +- **OS compatibility**: All +- **Default value:** `""` +- **Accepted values:** URL string +- **Format:** String +- **Use case:** Route container HTTP traffic through a specific proxy. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `OverrideProxyHTTPS` + +- **Description:** Override the default HTTPS proxy used by Docker Desktop and +its containers. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** URL string +- **Format:** String +- **Use case:** Route container HTTPS traffic through a specific proxy. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `OverrideProxyPAC` + +- **Description:** URL to a Proxy Auto-Config (PAC) file to dynamically +configure proxy rules. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** URL string +- **Format:** String +- **Use case:** Load dynamic proxy rules from a PAC file. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `OverrideProxyTCP` + +- **Description:** Override the TCP proxy settings used by Docker Desktop. +- **OS compatibility:** All +- **Default value:** `""` +- **Accepted values:** URL string +- **Format:** String +- **Use case:** Define a custom proxy for TCP traffic not covered by +HTTP/HTTPS proxies. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `OverrideWindowsDockerdPort` + +- **Description:** Exposes Docker Desktop's internal proxy locally on this port +for the Windows Docker daemon to connect to. If set to `0`, a random free port +is chosen. If the value is greater than 0, it uses that exact value for the port. +-1 disables the option. +- **OS:** Windows +- **Description:** Override the port used by the Windows Docker deamon. +- **Default value:** `-1` +- **Use case:** Allow precise control of how Docker Desktop exposes its +internal proxy for `dockerd.exe`. +- **Configure this settings with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `windowsDockerdPort` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Override Windows “dockerd” port** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ProxyEnableKerberosNTLM` + +- **Description:** Enable Kerberos and NTLM authentication for the proxy. +- **OS:** Windows +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Allow Docker Desktop to authenticate with enterprise proxies +that require Kerberos or NTLM credentials. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `enableKerberosNtlm` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Kerberos NTLM** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ProxyHTTPMode` + +- **Description:** Proxy mode setting. If mode is set to `system` instead of +`manual`, Docker Desktop gets the proxy values from the system and ignores +values set for `http`, `https`, and `exclude`. To manually configure proxy +servers, use `manual`. +- **OS compatibility:** All +- **Default value:** `system` +- **Accepted values:** `system`, `manual` +- **Format:** String +- **Use case:** Control how Docker Desktop uses or ignores system proxy settings. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `proxy` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ProxyLocalhostPort` + +- **Description:** Specifies the local port used by Docker Desktop’s internal +proxy to route container traffic through the host network. +- **OS compatibility:** All +- **Default value:** `0` +- **Accepted values:** Integer (port number) +- **Format:** Integer +- **Use case:** Bind the internal proxy to a fixed localhost port for debugging +or compatibility with network security tools. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `RequireVmnetd` + +- **Description:** Require the privileged helper (`vmnetd`) for networking on +macOS. +- **OS compatibility:** macOS +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enforce elevated privileges for networking support +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `RunWinServiceInWslMode` + +- **Description:** Allow the Windows service that supports Docker Desktop to +run in WSL mode for enhanced integration. +- **OS compatibility:** Windows + WSL +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable deeper integration between the Windows service layer and +the WSL-based Docker backend. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `SbomIndexing` + +- **Description:** Enable SBOM indexing for container images +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Control whether Docker indexes SBOMs for images +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `sbomIndexing` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **SBOM indexing** settings in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `ScoutNotificationPopupsEnabled` + +- **Description:** Enable Docker Scout popups inside Docker Desktop. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Show or hide vulnerability scan notifications +- **Configure this setting with:** + - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ScoutOsNotificationsEnabled` + +- **Description:** Enable Docker Scout notifications through the operating system. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Push Scout updates via system notification center +- **Configure this setting with:** + - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `SettingsVersion` + +- **Description:** Specifies the version of the settings configuration file format +- **OS compatibility:** All +- **Default value:** `CurrentSettingsVersions` +- **Accepted values:** Integer +- **Format:** Integer +- **Use case:** Track schema versions for compatibility +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `configurationFileVersion` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +## `ShowAnnouncementNotifications` + +- **Description:** Display general announcements inside Docker Desktop. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable or suppress Docker-wide announcements in the UI. +- **Configure this setting with:** + - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ShowExtensionsSystemContainers` + +- **Description:** Show system containers used by Docker Extensions in the container list +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Help developers troubleshoot or view extension system containers +- **Configure this setting with:** + - Extensions settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ShowGeneralNotifications` + +- **Description:** Display general informational messages inside Docker Desktop +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Customize in-app communication visibility +- **Configure this setting with:** + - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ShowInstallScreen` + +- **Description:** Show the installation onboarding screen in Docker Desktop +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Control whether onboarding screens are shown after installation +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ShowKubernetesSystemContainers` + +- **Description:** Show Kubernetes system containers in the Docker Dashboard container list +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Allow developers to view kube-system containers for debugging +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ShowPromotionalNotifications` + +- **Description:** Display promotional announcements and banners inside Docker Desktop +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Control exposure to Docker news and feature promotion +- **Configure this setting with:** + - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ShowSurveyNotifications` + +- **Description:** Display notifications inviting users to participate in surveys +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable or disable in-product survey prompts +- **Configure this setting with:** + - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `SkipUpdateToWSLPrompt` + +- **Description:** Skip prompting users to upgrade to the WSL 2 backend +- **OS compatibility:** Windows + WSL +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Silence UI nudges to switch WSL versions +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `SkipWSLMountPerfWarning` + +- **Description:** Skip the performance warning about WSL mount speed. +- **OS compatibility:** Windows + WSL +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Suppress warnings for known limitations or user preference +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `SocksProxyPort` + +- **Description:** Local SOCKS proxy port for Docker Desktop. +- **OS compatibility:** All +- **Default value:** `0` +- **Accepted values:** Integer (port) +- **Format:** Integer +- **Use case:** Route Docker traffic through a SOCKS proxy +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `SwapMiB` + +- **Description:** Amount of swap space (in MiB) assigned to the Docker virtual machine +- **OS compatibility:** All +- **Default value:** `1024` +- **Accepted values:** Integer +- **Format:** Integer +- **Use case:** Extend memory availability via swap +- **Configure this setting with:** + - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `SynchronizedDirectories` + +- **Description:** Directories that should be synchronized between host and +container filesystems. +- **OS compatibility:** All +- **Default value:** Varies by system and user configurations +- **Accepted values:** Array of file paths as strings +- **Format:** Array +- **Use case:** Improve performance for bind mounts and volume sharing. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `ThemeSource` + +- **Description:** Choose the Docker Desktop UI theme +- **OS compatibility:** All +- **Default value:** `system` +- **Accepted values:** `light`, `dark`, `system` +- **Format:** Enum +- **Use case:** Personalize Docker Desktop appearance +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UpdateAvailableTime` + +- **Description:** Timestamp of last update availability check +- **OS compatibility:** All +- **Default value:** `0` +- **Accepted values:** ISO 8601 timestamp +- **Format:** String +- **Use case:** Telemetry and internal logic +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UpdateHostsFile` + +- **Description:** Allow Docker Desktop to update the system `hosts` file +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Support DNS resolution for internal services +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UpdateInstallTime` + +- **Description:** Timestamp of last Docker Desktop update installation. +- **OS compatibility:** All +- **Default value:** `0` +- **Accepted values:** ISO 8601 timestamp +- **Format:** String +- **Use case:** Track install history. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UseBackgroundIndexing` + +- **Description:** Enable background indexing of local Docker images for Docker +Scout. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Improve performance of features like image search. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `useBackgroundIndexing` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Background indexing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `UseContainerdSnapshotter` + +- **Description:** Use containerd native snapshotter instead of legacy +snapshotters. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Improve image handling performance and compatibility. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UseCredentialHelper` + +- **Description:** Use the configured credential helper to securely store and +retrieve Docker registry credentials. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable secure, system-integrated storage of Docker login +credentials instead of plain-text config files. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UseGrpcfuse` + +- **Description:** Enable gRPC FUSE for macOS file sharing. If value is set to +`true`, gRPC Fuse is set as the file sharing mechanism. +- **OS compatibility:** macOS +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Improve performance and compatibility of file mounts. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `useGrpcfuse` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Use gRPC FUSE for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `UseLibkrun` + +- **Description:** Enable lightweight VM virtualization via libkrun. +- **OS compatibility:** macOS +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Run containers in microVMs using libkrun. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UseNightlyBuildUpdates` + +- **Description:** Enable updates from the Docker Desktop nightly build channel +instead of the stable release channel. +- **OS compatibility:** All +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Receive early access to experimental features and fixes by +subscribing to nightly builds. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UseResourceSaver` + +- **Description:** Enable Docker Desktop to pause when idle. +- **OS compatibility:** All +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Save system resources during periods of inactivity. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UseVirtualizationFramework` + +- **Description:** Use Apple Virtualization Framework to run Docker containers. +- **OS compatibility:** macOS +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Improve VM performance on Apple Silicon. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UseVirtualizationFrameworkRosetta` + +- **Description:** Use Rosetta to emulate `amd64` on Apple Silicon. If value +is set to `true`, Docker Desktop turns on Rosetta to accelerate +x86_64/amd64 binary emulation on Apple Silicon. +- **OS compatibility:** macOS 13+ +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Run Intel-based containers on Apple Silicon hosts. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management:`useVirtualizationFrameworkRosetta` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Use Rosetta for x86_64/amd64 emulation on Apple Silicon** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `UseVirtualizationFrameworkVirtioFS` + +- **Description:** Use VirtioFS for fast, native file sharing between host and +containers. If value is set to `true`, VirtioFS is set as the file sharing +mechanism. If both VirtioFS and gRPC are set to `true`, VirtioFS takes +precedence. +- **OS compatibility:** macOS 12.5+ +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Improve volume mount performance and compatibility. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `useVirtualizationFrameworkVirtioFS` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Use VirtioFS for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `UseVpnkit` + +- **Description:** Use vpnkit for Docker Desktop networking on macOS. +- **OS compatibility:** macOS +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable or disable vpnkit as the networking backend. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `UseWindowsContainers` + +- **Description:** Enable Windows container mode in Docker Desktop. +- **OS compatibility:** Windows +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Switch between Linux and Windows container runtimes. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `windowContainters` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +## `VpnKitAllowedBindAddresses` + +- **Description:** Specify which local IP addresses vpnkit is allowed to bind +to for handling network traffic. +- **OS compatibility:** All +- **Default value:** `0.0.0.0` +- **Accepted values:** IP address +- **Format:** String +- **Use case:** Restrict or allow vpnkit to bind to specific interfaces for +security or debugging purposes. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `VpnKitMTU` + +- **Description:** Set the Maximum Transmission Unit (MTU) for vpnkit’s virtual +network interface. +- **OS compatibility:** All +- **Default value:** `1500` +- **Accepted values:** Integer +- **Format:** Integer +- **Use case:** Tune network performance or resolve issues with packet +fragmentation when using vpnkit. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `VpnKitMaxConnections` + +- **Description:** Set the maximum number of simultaneous network connections +vpnkit can handle. +- **OS compatibility:** All +- **Default value:** `2000` +- **Accepted values:** Integer +- **Format:** Integer +- **Use case:** Control resource usage or support high-connection workloads +inside containers. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `VpnKitMaxPortIdleTime` + +- **Description:** Maximum idle time in seconds before vpnkit closes an +unused port. +- **OS compatibility:** All +- **Default value:** `300` +- **Accepted values:** Integer (seconds) +- **Format:** Integer +- **Use case:** Improve performance and free up unused ports by closing +idle connections. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `VpnKitTransparentProxy` + +- **Description:** Enable transparent proxying in vpnkit. +- **OS compatibility:** macOS +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Seamlessly forward traffic through proxies using vpnkit. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `VpnkitCIDR` + +- **Description:** Overrides the network range used for vpnkit DHCP/DNS for +`*.docker.internal`. +- **OS compatibility:** macOS +- **Default value:** `192.168.65.0/24` +- **Accepted values:** IP address +- **Format:** String +- **Use case:** Customize the subnet used for Docker container networking. +- **Configure this setting with:** + - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + + +## `WslDiskCompactionThresholdGb` + +- **Description:** Minimum free disk space required to trigger WSL disk +compaction. +- **OS compatibility:** Windows + WSL +- **Default value:** `0` +- **Accepted values:** Integer (GB) +- **Format:** Integer +- **Use case:** Automatically reclaim unused space from WSL disks. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `WslEnableGrpcfuse` + +- **Description:** Enable gRPC FUSE file sharing in WSL2 mode. +- **OS compatibility:** Windows + WSL +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Improve performance and compatibility for file mounts in WSL. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `WslEngineEnabled` + +- **Description:** If the value is set to `true`, Docker Desktop uses the WSL2 +based engine. This overrides anything that may have been set at installation +using the `--backend=` flag. +- **OS compatibility:** Windows + WSL +- **Default value:** `true` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Enable Linux containers via WSL 2 backend. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + - Settings Management: `wslEngineEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Windows Subsystem for Linux (WSL) Engine** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## `WslInstallMode` + +- **Description:** Select how Docker Desktop installs and manages WSL on +Windows systems. +- **OS compatibility:** Windows + WSL +- **Default value:** `installLatestWsl` +- **Accepted values:** `installLatestWsl`, `manualInstall` +- **Format:** String +- **Use case:** Control whether Docker Desktop installs WSL automatically or +relies on a pre-installed version. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files + +## `WslUpdateRequired` + +- **Description:** Indicates whether a WSL update is required for Docker Desktop +to function. +- **OS compatibility:** Windows + WSL +- **Default value:** `false` +- **Accepted values:** `true`, `false` +- **Format:** Boolean +- **Use case:** Internal check for platform support. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `settings-store.json` or `settings.json` files From f8e5a1d8821bdf382c64c91d3d3adacccc156d17 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Thu, 1 May 2025 16:12:22 -0400 Subject: [PATCH 02/30] add format tables --- .../settings-management/settings-reference.md | 1416 +++++++++-------- 1 file changed, 761 insertions(+), 655 deletions(-) diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md index ba0499ddd831..c5cd8b23c8eb 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md @@ -11,186 +11,194 @@ Docker Admin Console or the `admin-settings.json` file. Each setting includes: -- Name +- Desktop setting name +- A values table that includes: the default value when a user first downloads +Docker Desktop, accepted values, and the format of accepted values - Description - OS compatibility -- The default value when a user first downloads Docker Desktop -- Accepted values -- Format of accepted values - Use cases -- Details of how to configure the setting, either with [Docker Desktop](/manuals/desktop/settings-and-maintenance/settings.md) or +- How to configure the setting: Wwith [Docker Desktop](/manuals/desktop/settings-and-maintenance/settings.md) or Settings Management (either Admin Console or `admin-settings.json` file) For details on the format and usage of the `admin-settings.json` file, see [Configure Settings Management with a JSON file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md). -## `AcceptCanaryUpdates` +## Accept canary updates + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | - **Description:** Opt in to early access of Docker Desktop updates. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Enable early access to test new releases before general availability. - **Configure this setting with:** - - `settings-store.json` or `settings.json` files + - `AcceptCanaryUpdates` in `settings-store.json` or `settings.json` files -## `ActiveOrganizationName` +## Active organization name + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `""` | String | String | - **Description:** Stores the active organization name for Docker Business accounts -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** String -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Manage organization-specific Docker settings. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ActiveOrganizationName` in `settings-store.json` or `settings.json` files + +## Allow beta features + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `true` | `true`, `false` | Boolean | -## `AllowBetaFeatures` - **Description:** Allow access to Beta features in Docker Desktop. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Enable early features for testing upcoming functionality. - **Configure this setting with:** - - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `AllowBetaFeatures` in `settings-store.json` or `settings.json` files - Settings Management: `allowBetaFeatures` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Access beta features** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `AllowExperimentalFeatures` +## Access experimental features + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `true` | `true`, `false` | Boolean | - **Description:** Allow access to Experimental features in Docker Desktop. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Enable experimental features. - **Configure this setting with:** - - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Features in development** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `AllowExperimentalFeatures` in `settings-store.json` or `settings.json` files - Settings Management: `allowExperimentalFeatures` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Access experimental features** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `AnalyticsEnabled` +## Always download updates -- **Description:** Send usage statistics and crash reports to Docker. If set to -`false`, Docker Desktop doesn't send usage statistics to Docker. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean -- **Use case:** Enable analytics to help Docker improve the product based on -usage data. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - - Settings Management: `analyticsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Send usage statistics** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## `AutoDownloadUpdates` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | - **Description:** Automatically download Docker Desktop updates when available. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Manage auto update behavior. - **Configure this setting with:** - - Software updates settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - - Settings Management: [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **Software updates** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `AutoDownloadUpdates` in `settings-store.json` or `settings.json` files + - Settings Management: **Disable updates** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `AutoPauseTimedActivitySeconds` +## Auto pause activity + +| Default value | Accepted values | Format | +|---------------|---------------------|---------| +| `30` | Integer (seconds) | Integer | - **Description:** Number of seconds before Docker Desktop auto-pauses due to inactivity. -- **OS compatibility:** All -- **Default value:** `30` -- **Accepted values:** Integer (seconds) -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Save system resources during periods of inactivity. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `AutoPauseTimedActivitySeconds` in `settings-store.json` or `settings.json` files + +## Auto pause timeout -## `AutoPauseTimeoutSeconds` +| Default value | Accepted values | Format | +|---------------|---------------------|---------| +| `300` | Integer (seconds) | Integer | - **Description:** Maximum idle time allowed before Docker Desktop pauses. -- **OS compatibility:** All -- **Default value:** `300` -- **Accepted values:** Integer (seconds) -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Manage Docker Desktop pause behavior during long idle periods. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `AutoPauseTimeoutSeconds` in `settings-store.json` or `settings.json` files -## `AutoStart` +## Block `docker load` -- **Description:** Start Docker Desktop automatically when booting machine. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean -- **Use case:** Ensure Docker Desktop is always running after boot. -- **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `BackupData` - -- **Description:** Enable or disable backup of Docker Desktop application data. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean -- **Use case:** Manage persistence of application data. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `BlockDockerLoad` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | - **Description:** Block the `docker load` command to prevent loading local images. If the value is set to `true`, users are no longer able to run `docker load` and receive an error if they try to. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Harden security by restricting local image loading. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `BlockDockerLoad` in `settings-store.json` or `settings.json` files - Settings Management: `blockDockerLoad` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Block Docker load** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ContainerTerminal` +## Choose container terminal + +| Default value | Accepted values | Format | +|---------------|-------------------------|--------| +| `integrated` | `integrated`, `system` | String | - **Description:** Select default terminal for launching Docker CLI from Docker Desktop. -- **OS compatibility:** All -- **Default value:** `integrated` -- **Accepted values:** `integrated`, `system` -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Customize developer experience with preferred terminal. - **Configure this setting with:** - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ContainerTerminal` in `settings-store.json` or `settings.json` files + +## Include VM in Time Machine backup + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Back up the Docker Desktop virtual machine. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Manage persistence of application data. +- **Configure this setting with:** + - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `BackupData` in `settings-store.json` or `settings.json` files + +## Send usage statistics + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `true` | `true`, `false` | Boolean | + +- **Description:** Send usage statistics and crash reports to Docker. If set to +`false`, Docker Desktop doesn't send usage statistics to Docker. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable analytics to help Docker improve the product based on +usage data. +- **Configure this setting with:** + - Send usage statistics [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `AnalyticsEnabled` in `settings-store.json` or `settings.json` files + - Settings Management: `analyticsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Send usage statistics** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## Start Docker Desktop when you sign in to your computer + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Start Docker Desktop automatically when booting machine. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Ensure Docker Desktop is always running after boot. +- **Configure this setting with:** + - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `AutoStart` in `settings-store.json` or `settings.json` files ## `ContainersOverrideProxyExclude` +| Default value | Accepted values | Format | +|---------------|--------------------|--------| +| `""` | List of addresses | String | + - **Description:** Configure addresses that containers should bypass from proxy settings. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** List of addresses -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Fine-tune proxy exceptions for container networking. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -198,11 +206,12 @@ settings. ## `ContainersOverrideProxyHTTP` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `""` | URL string | String | + - **Description:** HTTP proxy setting for container networking. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** URL string -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Set up container traffic to use a custom HTTP proxy. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -210,11 +219,12 @@ settings. ## `ContainersOverrideProxyHTTPS` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `""` | URL string | String | + - **Description:** HTTPS proxy setting for container networking. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** URL string -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Set up container traffic to use a custom HTTPS proxy. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -222,11 +232,12 @@ settings. ## `ContainersOverrideProxyPAC` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `""` | URL string | String | + - **Description:** PAC (Proxy Auto-config) URL for container networking. -- **OS compatibility:** Windows -- **Default value:** `""` -- **Accepted values:** URL string -- **Format:** String +- **OS:** {{< badge color=blue text="Windows only" >}} - **Use case:** Automatically configure container proxy routing via PAC file. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -235,11 +246,12 @@ settings. ## `ContainersOverrideProxyTCP` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `""` | String | String | + - **Description:** TCP proxy setting for container networking. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** String -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Configure advanced TCP proxy for containers. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -247,11 +259,12 @@ settings. ## `ContainersOverrideProxyTransparentPorts` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `80,443` | List of ports | String | + - **Description:** List of ports to bypass transparent proxying in containers. -- **OS compatibility:** All -- **Default value:** `80,443` -- **Accepted values:** List of ports -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Exclude specific ports from transparent proxy behavior. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -260,12 +273,13 @@ settings. ## `ContainersProxyHTTPMode` +| Default value | Accepted values | Format | +|---------------|---------------------|--------| +| `system` | `manual`, `system` | String | + - **Description:** Creates air-gapped containers. For more information, see [Air-Gapped Containers](/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md). -- **OS compatibility:** All -- **Default value:** `system` -- **Accepted values:** `manual`, `system` -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Fine-tune container proxy behavior. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -275,11 +289,12 @@ settings. ## `Cpus` +| Default value | Accepted values | Format | +|-----------------------------------------------|-----------------|---------| +| Number of logical CPU cores available on host | Integer | Integer | + - **Description:** Number of CPUs assigned to the Docker Desktop virtual machine. -- **OS compatibility:** All -- **Default value:** The number of logical CPU cores available on the host system. -- **Accepted values:** Integer -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Resource allocation control. - **Configure this setting with:** - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -287,11 +302,12 @@ settings. ## `CredentialHelper` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `desktop` | String | String | + - **Description:** Credential storage helper to use for `docker login`. -- **OS compatibility:** macOS -- **Default value:** `desktop` -- **Accepted values:** String -- **Format:** String +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Manage secure storage of Docker credentials. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -299,11 +315,12 @@ settings. ## `CustomWslDistroDir` +| Default value | Accepted values | Format | +|----------------------------------------------|-----------------|--------| +| `%USERPROFILE%\AppData\Local\Docker\wsl\distro` | File path | String | + - **Description:** Custom path for WSL2 distributions managed by Docker. -- **OS compatibility:** Windows + WSL -- **Default value:** `%USERPROFILE%\AppData\Local\Docker\wsl\distro` -- **Accepted values:** File path -- **Format:** String +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Control where Docker stores WSL2 distributions. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -311,13 +328,12 @@ settings. ## `DataFolder` +| Default value | Accepted values | Format | +|-------------------------------------------------------------------------------|-----------------|--------| +| macOS: `~/Library/Containers/com.docker.docker/Data/vms/0`
Windows: `%USERPROFILE%\AppData\Local\Docker\wsl\data` | File path | String | + - **Description:** Path where Docker Desktop stores virtual machine data. -- **OS compatibility:** All -- **Default value:** - - macOS: `~/Library/Containers/com.docker.docker/Data/vms/0` - - Windows: `%USERPROFILE%\AppData\Local\Docker\wsl\data` -- **Accepted values:** File path -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Redirect Docker data to a custom location. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -325,11 +341,12 @@ settings. ## `DefaultSnapshotter` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `overlayfs` | String | String | + - **Description:** Set the default container snapshotter. -- **OS compatibility:** All -- **Default value:** `overlayfs` -- **Accepted values:** String -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control storage backend for container layers. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -337,50 +354,53 @@ settings. ## `DeprecatedCgroupv1` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable cgroup v1 support if needed for compatibility. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Maintain compatibility with legacy software. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `DesktopTerminalEnabled` +## Enable Desktop terminal + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | - **Description:** Enable access to the Docker Desktop integrated terminal. If the value is set to `false`, users can't use the Docker terminal to interact with the host machine and execute commands directly from Docker Desktop. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Allow or restrict developer access to the built-in terminal. - **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Enable Docker terminal** setting in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `DesktopTerminalEnabled` in `settings-store.json` or `settings.json` files - Settings Management: `desktopTerminalEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## `DefaultNetworkingMode` +## Default networking mode + +| Default value | Accepted values | Format | +|---------------|------------------------------------|--------| +| `ipv4only` | `ipv4only`, `ipv6only`, `dual-stack` | Enum | - **Description:** Set the default networking mode for containers. -- **OS compatibility:** All -- **Default value:** `ipv4only` -- **Accepted values:** `ipv4only`, `ipv6only`, `dual-stack` -- **Format:** Enum +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Specify a custom container network mode. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `DefaultNetworkingMode` in `settings-store.json` or `settings.json` files ## `DevEnvironmentsEnabled` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable the Docker Dev Environments feature. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control access to experimental development workflows. - **Configure this setting with:** - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -388,39 +408,41 @@ with the host machine and execute commands directly from Docker Desktop. ## `DisableHardwareAcceleration` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + - **Description:** Disable hardware (GPU) acceleration support. -- **OS compatibility:** Windows -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} - **Use case:** Work around graphics driver issues or run in VMs. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `DisableUpdate` +## Disable automatic updates + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | - **Description:** Disable automatic update polling for Docker Desktop. If the value is set to `true`, checking for updates and notifications about Docker Desktop updates are disabled. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Freeze the current version in enterprise environments. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `DisableUpdate` in `settings-store.json` or `settings.json` files - Settings Management: `disableUpdate` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Disable update** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `DiskFlush` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `os` | String | String | + - **Description:** Control when data flushing occurs for the VM disk. -- **OS compatibility:** All -- **Default value:** `os` -- **Accepted values:** String -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Tune disk performance versus safety. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -428,11 +450,12 @@ Desktop updates are disabled. ## `DiskSizeMiB` +| Default value | Accepted values | Format | +|-------------------------------|-----------------|---------| +| Default disk size of machine. | Integer | Integer | + - **Description:** Maximum disk size (in MiB) allocated for Docker Desktop. -- **OS compatibility:** All -- **Default value:** Default disk size of machine. -- **Accepted values:** Integer -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Constrain Docker's virtual disk size for storage management. - **Configure this setting with:** - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -440,11 +463,12 @@ Desktop updates are disabled. ## `DiskStats` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `""` | String | String | + - **Description:** Disk usage statistics. -- **OS compatibility:** macOS -- **Default value:** `""` -- **Accepted values:** String -- **Format:** String +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Monitor or debug disk usage performance on Unix-based systems. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -452,11 +476,12 @@ Desktop updates are disabled. ## `DiskTRIM` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `true` | `true`, `false` | Boolean | + - **Description:** Enable TRIM operation support to reclaim unused disk space. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Optimize disk usage over time. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -464,12 +489,13 @@ Desktop updates are disabled. ## `DisplayRestartDialog` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `true` | `true`, `false` | Boolean | + - **Description:** Show a restart notification when settings changes require a restart. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Provide user feedback about restart requirements. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -477,11 +503,12 @@ restart. ## `DisplaySwitchWinLinContainers` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + - **Description:** Allow users to switch between Linux and Windows containers. -- **OS compatibility:** Windows -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} - **Use case:** Flexibility in development environments. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -489,11 +516,12 @@ restart. ## `Displayed18362Deprecation` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | + - **Description:** Show the deprecation warning for Windows build 18362. -- **OS compatibility:** Windows -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} - **Use case:** Prevent showing the same Windows version deprecation warning multiple times. - **Configure this setting with:** @@ -502,40 +530,41 @@ multiple times. ## `DisplayedElectronPopup` +| Default value | Accepted values | Format | +|---------------|---------------------|-----------------------------| +| `[]` | List of strings | Array with list of strings | + - **Description:** Show Electron (tips, alerts, announcements) pop-ups for users. -- **OS compatibility:** All -- **Default value:** `[]` -- **Accepted values:** List of strings -- **Format:** Array with list of strings +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Prevents Docker Desktop from repeatedly showing the same popup messages. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `DisplayedOnboarding` +## Display onboarding survey + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | - **Description:** Display the onboarding survey for Docker Desktop. If the value is set to `true`, the onboarding survey will not be displayed to new users. Settings the value to `false` has no effecct. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Prevents Docker Desktop from repeatedly showing onboarding. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `DisplayedOnboarding` in `settings-store.json` or `settings.json` files - Settings Management: `displayedOnboarding` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Hide onboarding survey** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `DockerAppLaunchPath` +| Default value | Accepted values | Format | +|--------------------------|-----------------|--------| +| `/Applications/Docker.app` | File path | String | + - **Description:** Path to the Docker Desktop application executable on macOS. -- **OS compatibility:** macOS -- **Default value:** `/Applications/Docker.app` -- **Accepted values:** File path -- **Format:** String +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Custom install management or scripting. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -543,11 +572,12 @@ users. Settings the value to `false` has no effecct. ## `DockerBinInstallPath` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `system` | File path | String | + - **Description:** Install location for Docker CLI binaries. -- **OS compatibility:** All -- **Default value:** `system` -- **Accepted values:** File path -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Customize CLI install location for compliance or tooling. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -555,64 +585,68 @@ users. Settings the value to `false` has no effecct. ## `DockerDebugDefaultEnabled` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable debug logging by default for Docker CLI commands. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Assist with debugging support issues. - **Configure this setting with:** - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `ECIDockerSocketAllowDerivedImages` +## Allow ECI to use derived images + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | - **Description:** Allow Enhanced Container Isolation (ECI) to use derived images. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Permit use of base images with layered builds in ECI mode. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ECIDockerSocketAllowDerivedImages` in `settings-store.json` or `settings.json` files - Settings Management: **Allow derived images** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ECIDockerSocketCmdList` +## ECI command list + +| Default value | Accepted values | Format | +|---------------|-----------------|-----------------------------| +| `[]` | List of strings | Array with list of strings | - **Description:** Restricts the commands that containers can issue via the bind-mounted Docker Engine socket. -- **OS compatibility:** All -- **Default value:** `[]` -- **Accepted values:** List of strings -- **Format:** Array with list of strings +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Fine-tune developer CLI access in hardened environments. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ECIDockerSocketCmdList` in `settings-store.json` or `settings.json` files - Settings Management: `commandList` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Command list** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ECIDockerSocketCmdListType` +## ECI command list type + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `deny` | `allow`, `deny` | String | - **Description:** Whether the ECI command list is an allow-list or deny-list. -- **OS compatibility:** All -- **Default value:** `deny` -- **Accepted values:** `allow`, `deny` -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Determine behavior of `ECIDockerSocketCmdList`. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ECIDockerSocketCmdListType` in `settings-store.json` or `settings.json` files + - Settings Management: `????` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **????** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## ECI image list -## `ECIDockerSocketImgList` +| Default value | Accepted values | Format | +|---------------|-----------------|-----------------------------| +| `[]` | List of strings | Array list of strings | - **Description:** Indicates which container images are allowed to bind-mount the Docker Engine socket. -- **OS compatibility:** All -- **Default value:** `[]` -- **Accepted values:** List of strings -- **Format:** Array list of strings +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Restrict containers to a known set of images. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -622,54 +656,58 @@ the Docker Engine socket. ## `EnableDefaultDockerSocket` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** By default, enhanced container isolation blocks bind-mounting the Docker Engine socket into containers (e.g., `docker run -v /var/run/docker.sock:/var/run/docker.sock ...`). This lets you relax this in a controlled way. See ECI Configuration for more info. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Allow containers to access the Docker socket for scenarios like Docker-in-Docker or containerized CI agents. - **Configure this setting with:** - - Advanced settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - ???? in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files - Settings Management: `dockerSocketMount` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) ## `EnableDockerAI` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable Docker AI features in the Docker Desktop experience. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Enable or disable AI features like "Ask Gordon". - **Configure this setting with:** - - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Features in development** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `EnableDockerAI` in `settings-store.json` or `settings.json` files - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) ## `EnableIntegrationWithDefaultWslDistro` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Automatically integrate Docker with the default WSL distribution. -- **OS compatibility:** Windows + WSL -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Ensure Docker integrates with default WSL distro automatically. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `EnableIntegrationWithDefaultWslDistro` in `settings-store.json` or `settings.json` files ## `EnableIntegrityCheck` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Perform integrity checks on Docker Desktop binaries. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Enforce binary verification for security. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -677,12 +715,13 @@ distribution. ## `EnableSegmentDebug` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable debug logging for Docker Desktop’s Segment analytics events. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Troubleshoot or inspect analytics event delivery during development or support sessions. - **Configure this setting with:** @@ -691,189 +730,199 @@ development or support sessions. ## `EnableWasmShims` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable WebAssembly (Wasm) shims to run Wasm containers. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Run Wasm workloads in Docker Desktop. - **Configure this setting with:** - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `EnhancedContainerIsolation` +## Enable Enhanced Container Isolation (ECI) + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | - **Description:** Enable Enhanced Container Isolation for secure container execution. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Prevent containers from modifying configuration or sensitive host areas. - **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **General settings** in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `EnhancedContainerIsolation` in `settings-store.json` or `settings.json` files - Settings Management: `enhancedContainerIsolation` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Enable enhanced container isolation** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ExposeDockerAPIOnTCP2375` +## Expose Docker API + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | - **Description:** Expose the Docker API over TCP on a specified port. If value is set to `true`, the Docker API is exposed on port 2375. This port is unauthenticated and should only be enabled if protected by suitable firewall rules. -- **OS compatibility:** Windows -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} - **Use case:** Allow non-TLS API access for development/testing. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ExposeDockerAPIOnTCP2375` in `settings-store.json` or `settings.json` files - Settings Management: `exposeDockerAPIOnTCP2375` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Expose Docker API** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ExtensionsEnabled` +## Enable extensions + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | - **Description:** Enable or disable Docker Extensions. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control access to the Extensions Marketplace and installed extensions. - **Configure this setting with:** - - Extensions settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Extensions** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `ExtensionsEnabled` in `settings-store.json` or `settings.json` files - Settings Management: `extensionsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Allow Extensions** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ExtensionsPrivateMarketplace` +## Enable private extensions marketplace + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | - **Description:** Enable a private marketplace for Docker Extensions. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Restrict extension installation to curated extensions. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ExtensionsPrivateMarketplace` in `settings-store.json` or `settings.json` files + +## Set private extension contact URL -## `ExtensionsPrivateMarketplaceAdminContactURL` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `""` | URL string | String | - **Description:** Set a contact URL for admins on the private extensions marketplace page. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** URL string -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Help users contact support if they can’t find an extension. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ExtensionsPrivateMarketplaceAdminContactURL` in `settings-store.json` or `settings.json` files -## `FilesharingDirectories` +## Filesharing directories + +| Default value | Accepted values | Format | +|----------------------------------------|---------------------------------|--------------------------| +| Varies by OS | List of file paths as strings | Array list of strings | - **Description:** List of allowed directories shared between the host and containers. When a path is added, its subdirectories are allowed. -- **OS compatibility:** All -- **Default value:** Varies by OS (typically includes user and temp directories) -- **Accepted values:** List of file paths as strings. This setting also accepts -`$HOME`, `$TMP`, or `$TEMP` as path variables. -- **Format:** Array list of strings +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Restrict or define what file paths are available to containers. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `FilesharingDirectories` in `settings-store.json` or `settings.json` files - Settings Management: `filesharingAllowedDirectories` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Allowed file sharing directories** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `HostNetworkingEnabled` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable experimental host networking support. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Allow containers to use the host network stack. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `KubernetesEnabled` +## Enable Kubernetes + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | - **Description:** Enable the integrated Kubernetes cluster in Docker Desktop. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Enable or disable Kubernetes support for developers. - **Configure this setting with:** - - Kubernetes settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Kubernetes** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `KubernetesEnabled` in `settings-store.json` or `settings.json` files - Settings Management: `kubernetes` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Allow Kubernetes** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `KubernetesImagesRepository` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `""` | URL string | String | + - **Description:** Set a custom repository for Kubernetes images. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** URL string -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Support Kubernetes use in restricted or offline environments. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files - Settings Management: `imagesRepository` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Kubernetes images repository** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `KubernetesMode` +## Set Kubernetes mode + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `kubeadm` | String | String | - **Description:** Set the Kubernetes node mode (single-node or multi-node). -- **OS compatibility:** All -- **Default value:** `kubeadm` -- **Accepted values:** String -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control the topology of the integrated Kubernetes cluster. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Kubernetes** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `KubernetesMode` in `settings-store.json` or `settings.json` files + +## Kubernetes node count -## `KubernetesNodesCount` +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `1` | Integer | Integer | - **Description:** Number of nodes to create in a multi-node Kubernetes cluster. -- **OS compatibility:** All -- **Default value:** `1` -- **Accepted values:** Integer -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Scale the number of Kubernetes nodes for development or testing. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Kubernetes** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `KubernetesNodesCount` in `settings-store.json` or `settings.json` files -## `KubernetesNodesVersion` +## Kubernetes node version + +| Default value | Accepted values | Format | +|---------------|-------------------------------|--------| +| `1.31.1` | Semantic version (e.g., 1.29.1) | String | - **Description:** Version of Kubernetes used for cluster node creation. -- **OS compatibility:** All -- **Default value:** `1.31.1` -- **Accepted values:** Semantic version (e.g., `1.29.1`) -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Pin a specific Kubernetes version for consistency or compatibility. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Kubernetes** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `KubernetesNodesVersion` in `settings-store.json` or `settings.json` files ## `LastLoginDate` +| Default value | Accepted values | Format | +|---------------|-----------------|-----------------------| +| `0` | `int64` values | Integer in `int64` format | + - **Description:** Timestamp of last successful Docker Desktop login. -- **OS compatibility:** All -- **Default value:** `0` -- **Accepted values:** `int64` values -- **Format:** Integer in `int64` format +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Display usage activity. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -881,11 +930,12 @@ compatibility. ## `LatestBannerKey` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `""` | String | String | + - **Description:** Tracks the most recently shown in-app banner. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** String -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Prevent repeated display of the same banner across sessions. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -893,11 +943,12 @@ compatibility. ## `LicenseTermsVersion` +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `0` | Integer | Integer | + - **Description:** Version of Docker Desktop license terms accepted by the user. -- **OS compatibility:** All -- **Default value:** `0` -- **Accepted values:** Integer -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Audit license terms agreement. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -905,12 +956,13 @@ compatibility. ## `LifecycleTimeoutSeconds` +| Default value | Accepted values | Format | +|---------------|---------------------|---------| +| `600` | Integer (seconds) | Integer | + - **Description:** Number of seconds Docker Desktop waits for the Docker Engine to start before timing out. - **OS compatibility**: All -- **Default value:** `600` -- **Accepted values:** Integer (seconds) -- **Format:** Integer - **Use case:** Extend or reduce the timeout window for environments where the engine may start slowly. - **Configure this setting with:** @@ -919,89 +971,96 @@ engine may start slowly. ## `MemoryMiB` +| Default value | Accepted values | Format | +|---------------------------|-----------------|---------| +| Based on system resources | Integer | Integer | + - **Description:** Amount of RAM (in MiB) assigned to the Docker virtual machine. -- **OS compatibility:** All -- **Default value:** Based on system resources -- **Accepted values:** Integer -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control how much memory Docker can use on the host. - **Configure this setting with:** - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `OnlyMarketplaceExtensions` +## Allow only Marketplace extensions + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | - **Description:** Restrict Docker Desktop to only run Marketplace extensions. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Prevent running third-party or local extensions. - **Configure this setting with:** - - Extensions settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Extensions** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `OnlyMarketplaceExtensions` in `settings-store.json` or `settings.json` files ## `OpenUIOnStartupDisabled` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Prevent the Docker Desktop UI from opening automatically at startup. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Streamline startup experience. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `OverrideProxyExclude` +## Override proxy exclude + +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `""` | String | String | - **Description:** Comma-separated list of domain patterns that should bypass the proxy. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** String -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Exclude internal services or domains from being routed through the proxy. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `OverrideProxyExclude` in `settings-store.json` or `settings.json` files + +## Override proxy HTTP -## `OverrideProxyHTTP` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `""` | URL string | String | - **Description:** Override the default HTTP proxy used by Docker Desktop and its containers. - **OS compatibility**: All -- **Default value:** `""` -- **Accepted values:** URL string -- **Format:** String - **Use case:** Route container HTTP traffic through a specific proxy. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `OverrideProxyHTTP` in `settings-store.json` or `settings.json` files + +## Override proxy HTTPS -## `OverrideProxyHTTPS` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `""` | URL string | String | - **Description:** Override the default HTTPS proxy used by Docker Desktop and its containers. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** URL string -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Route container HTTPS traffic through a specific proxy. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `OverrideProxyHTTPS` in `settings-store.json` or `settings.json` files ## `OverrideProxyPAC` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `""` | URL string | String | + - **Description:** URL to a Proxy Auto-Config (PAC) file to dynamically configure proxy rules. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** URL string -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Load dynamic proxy rules from a PAC file. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1009,11 +1068,12 @@ configure proxy rules. ## `OverrideProxyTCP` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `""` | URL string | String | + - **Description:** Override the TCP proxy settings used by Docker Desktop. -- **OS compatibility:** All -- **Default value:** `""` -- **Accepted values:** URL string -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Define a custom proxy for TCP traffic not covered by HTTP/HTTPS proxies. - **Configure this setting with:** @@ -1022,61 +1082,64 @@ HTTP/HTTPS proxies. ## `OverrideWindowsDockerdPort` +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `-1` | Integer | Integer | + - **Description:** Exposes Docker Desktop's internal proxy locally on this port for the Windows Docker daemon to connect to. If set to `0`, a random free port is chosen. If the value is greater than 0, it uses that exact value for the port. -1 disables the option. - **OS:** Windows -- **Description:** Override the port used by the Windows Docker deamon. -- **Default value:** `-1` - **Use case:** Allow precise control of how Docker Desktop exposes its internal proxy for `dockerd.exe`. - **Configure this settings with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `OverrideWindowsDockerdPort` in `settings-store.json` or `settings.json` files - Settings Management: `windowsDockerdPort` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Override Windows “dockerd” port** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ProxyEnableKerberosNTLM` +## Proxy enable Kerberos NTLM + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | - **Description:** Enable Kerberos and NTLM authentication for the proxy. - **OS:** Windows -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean - **Use case:** Allow Docker Desktop to authenticate with enterprise proxies that require Kerberos or NTLM credentials. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ProxyEnableKerberosNTLM` in `settings-store.json` or `settings.json` files - Settings Management: `enableKerberosNtlm` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Kerberos NTLM** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ProxyHTTPMode` +## Proxy HTTP mode + +| Default value | Accepted values | Format | +|---------------|---------------------|--------| +| `system` | `system`, `manual` | String | - **Description:** Proxy mode setting. If mode is set to `system` instead of `manual`, Docker Desktop gets the proxy values from the system and ignores values set for `http`, `https`, and `exclude`. To manually configure proxy servers, use `manual`. -- **OS compatibility:** All -- **Default value:** `system` -- **Accepted values:** `system`, `manual` -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control how Docker Desktop uses or ignores system proxy settings. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `ProxyHTTPMode` in `settings-store.json` or `settings.json` files - Settings Management: `proxy` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `ProxyLocalhostPort` +| Default value | Accepted values | Format | +|---------------|---------------------|---------| +| `0` | Integer (port number) | Integer | + - **Description:** Specifies the local port used by Docker Desktop’s internal proxy to route container traffic through the host network. -- **OS compatibility:** All -- **Default value:** `0` -- **Accepted values:** Integer (port number) -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Bind the internal proxy to a fixed localhost port for debugging or compatibility with network security tools. - **Configure this setting with:** @@ -1085,12 +1148,13 @@ or compatibility with network security tools. ## `RequireVmnetd` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Require the privileged helper (`vmnetd`) for networking on macOS. -- **OS compatibility:** macOS -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Enforce elevated privileges for networking support - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1098,39 +1162,42 @@ macOS. ## `RunWinServiceInWslMode` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Allow the Windows service that supports Docker Desktop to run in WSL mode for enhanced integration. -- **OS compatibility:** Windows + WSL -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Enable deeper integration between the Windows service layer and the WSL-based Docker backend. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `SbomIndexing` +## SBOM indexing + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | - **Description:** Enable SBOM indexing for container images -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control whether Docker indexes SBOMs for images - **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **General settings** in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `SbomIndexing` in `settings-store.json` or `settings.json` files - Settings Management: `sbomIndexing` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **SBOM indexing** settings in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `ScoutNotificationPopupsEnabled` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Enable Docker Scout popups inside Docker Desktop. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Show or hide vulnerability scan notifications - **Configure this setting with:** - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1138,11 +1205,12 @@ the WSL-based Docker backend. ## `ScoutOsNotificationsEnabled` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable Docker Scout notifications through the operating system. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Push Scout updates via system notification center - **Configure this setting with:** - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1150,11 +1218,12 @@ the WSL-based Docker backend. ## `SettingsVersion` +| Default value | Accepted values | Format | +|-----------------------|-----------------|---------| +| `CurrentSettingsVersions` | Integer | Integer | + - **Description:** Specifies the version of the settings configuration file format -- **OS compatibility:** All -- **Default value:** `CurrentSettingsVersions` -- **Accepted values:** Integer -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Track schema versions for compatibility - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1163,11 +1232,12 @@ the WSL-based Docker backend. ## `ShowAnnouncementNotifications` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Display general announcements inside Docker Desktop. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Enable or suppress Docker-wide announcements in the UI. - **Configure this setting with:** - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1175,11 +1245,12 @@ the WSL-based Docker backend. ## `ShowExtensionsSystemContainers` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Show system containers used by Docker Extensions in the container list -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Help developers troubleshoot or view extension system containers - **Configure this setting with:** - Extensions settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1187,11 +1258,12 @@ the WSL-based Docker backend. ## `ShowGeneralNotifications` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Display general informational messages inside Docker Desktop -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Customize in-app communication visibility - **Configure this setting with:** - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1199,11 +1271,12 @@ the WSL-based Docker backend. ## `ShowInstallScreen` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Show the installation onboarding screen in Docker Desktop -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control whether onboarding screens are shown after installation - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1211,11 +1284,12 @@ the WSL-based Docker backend. ## `ShowKubernetesSystemContainers` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Show Kubernetes system containers in the Docker Dashboard container list -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Allow developers to view kube-system containers for debugging - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1223,11 +1297,12 @@ the WSL-based Docker backend. ## `ShowPromotionalNotifications` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Display promotional announcements and banners inside Docker Desktop -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control exposure to Docker news and feature promotion - **Configure this setting with:** - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1235,11 +1310,12 @@ the WSL-based Docker backend. ## `ShowSurveyNotifications` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Display notifications inviting users to participate in surveys -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Enable or disable in-product survey prompts - **Configure this setting with:** - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1247,11 +1323,12 @@ the WSL-based Docker backend. ## `SkipUpdateToWSLPrompt` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Skip prompting users to upgrade to the WSL 2 backend -- **OS compatibility:** Windows + WSL -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Silence UI nudges to switch WSL versions - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1259,11 +1336,12 @@ the WSL-based Docker backend. ## `SkipWSLMountPerfWarning` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Skip the performance warning about WSL mount speed. -- **OS compatibility:** Windows + WSL -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Suppress warnings for known limitations or user preference - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1271,11 +1349,12 @@ the WSL-based Docker backend. ## `SocksProxyPort` +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `0` | Integer (port) | Integer | + - **Description:** Local SOCKS proxy port for Docker Desktop. -- **OS compatibility:** All -- **Default value:** `0` -- **Accepted values:** Integer (port) -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Route Docker traffic through a SOCKS proxy - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1283,11 +1362,12 @@ the WSL-based Docker backend. ## `SwapMiB` +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `1024` | Integer | Integer | + - **Description:** Amount of swap space (in MiB) assigned to the Docker virtual machine -- **OS compatibility:** All -- **Default value:** `1024` -- **Accepted values:** Integer -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Extend memory availability via swap - **Configure this setting with:** - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1295,12 +1375,13 @@ the WSL-based Docker backend. ## `SynchronizedDirectories` +| Default value | Accepted values | Format | +|----------------------------------|-----------------------------|--------| +| Varies by system/user configs | Array of file paths as strings | Array | + - **Description:** Directories that should be synchronized between host and container filesystems. -- **OS compatibility:** All -- **Default value:** Varies by system and user configurations -- **Accepted values:** Array of file paths as strings -- **Format:** Array +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Improve performance for bind mounts and volume sharing. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1308,75 +1389,81 @@ container filesystems. ## `ThemeSource` -- **Description:** Choose the Docker Desktop UI theme -- **OS compatibility:** All -- **Default value:** `system` -- **Accepted values:** `light`, `dark`, `system` -- **Format:** Enum -- **Use case:** Personalize Docker Desktop appearance +| Default value | Accepted values | Format | +|---------------|----------------------------|--------| +| `system` | `light`, `dark`, `system` | Enum | + +- **Description:** Choose the Docker Desktop UI theme. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Personalize Docker Desktop appearance. - **Configure this setting with:** - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files ## `UpdateAvailableTime` -- **Description:** Timestamp of last update availability check -- **OS compatibility:** All -- **Default value:** `0` -- **Accepted values:** ISO 8601 timestamp -- **Format:** String -- **Use case:** Telemetry and internal logic +| Default value | Accepted values | Format | +|---------------|---------------------|--------| +| `0` | ISO 8601 timestamp | String | + +- **Description:** Timestamp of last update availability check. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Telemetry and internal logic. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files ## `UpdateHostsFile` -- **Description:** Allow Docker Desktop to update the system `hosts` file -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean -- **Use case:** Support DNS resolution for internal services +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + +- **Description:** Allow Docker Desktop to update the system `hosts` file. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Support DNS resolution for internal services. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files ## `UpdateInstallTime` +| Default value | Accepted values | Format | +|---------------|---------------------|--------| +| `0` | ISO 8601 timestamp | String | + - **Description:** Timestamp of last Docker Desktop update installation. -- **OS compatibility:** All -- **Default value:** `0` -- **Accepted values:** ISO 8601 timestamp -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Track install history. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `UseBackgroundIndexing` +## Use background indexing + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | - **Description:** Enable background indexing of local Docker images for Docker Scout. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Improve performance of features like image search. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `UseBackgroundIndexing` in `settings-store.json` or `settings.json` files - Settings Management: `useBackgroundIndexing` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Background indexing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `UseContainerdSnapshotter` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Use containerd native snapshotter instead of legacy snapshotters. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Improve image handling performance and compatibility. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1384,66 +1471,70 @@ snapshotters. ## `UseCredentialHelper` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Use the configured credential helper to securely store and retrieve Docker registry credentials. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Enable secure, system-integrated storage of Docker login credentials instead of plain-text config files. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `UseGrpcfuse` +## Use gRPC Fuse + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | - **Description:** Enable gRPC FUSE for macOS file sharing. If value is set to `true`, gRPC Fuse is set as the file sharing mechanism. -- **OS compatibility:** macOS -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Improve performance and compatibility of file mounts. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Choose file sharing implementation for your containers** setting in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `UseGrpcfuse` in `settings-store.json` or `settings.json` files - Settings Management: `useGrpcfuse` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Use gRPC FUSE for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `UseLibkrun` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable lightweight VM virtualization via libkrun. -- **OS compatibility:** macOS -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Run containers in microVMs using libkrun. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `UseNightlyBuildUpdates` +## Use nightly build updates + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | - **Description:** Enable updates from the Docker Desktop nightly build channel instead of the stable release channel. -- **OS compatibility:** All -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Receive early access to experimental features and fixes by subscribing to nightly builds. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `UseNightlyBuildUpdates` in `settings-store.json` or `settings.json` files ## `UseResourceSaver` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Enable Docker Desktop to pause when idle. -- **OS compatibility:** All -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Save system resources during periods of inactivity. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1451,56 +1542,60 @@ subscribing to nightly builds. ## `UseVirtualizationFramework` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Use Apple Virtualization Framework to run Docker containers. -- **OS compatibility:** macOS -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Improve VM performance on Apple Silicon. - **Configure this setting with:** - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `UseVirtualizationFrameworkRosetta` +## Use virtualization framework: Rosetta + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | - **Description:** Use Rosetta to emulate `amd64` on Apple Silicon. If value is set to `true`, Docker Desktop turns on Rosetta to accelerate x86_64/amd64 binary emulation on Apple Silicon. -- **OS compatibility:** macOS 13+ -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Mac only" >}} 13+ - **Use case:** Run Intel-based containers on Apple Silicon hosts. - **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **General settings** in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `UseVirtualizationFrameworkRosetta` in `settings-store.json` or `settings.json` files - Settings Management:`useVirtualizationFrameworkRosetta` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Use Rosetta for x86_64/amd64 emulation on Apple Silicon** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `UseVirtualizationFrameworkVirtioFS` +## Use virtualization framework: VirtioFS + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | - **Description:** Use VirtioFS for fast, native file sharing between host and containers. If value is set to `true`, VirtioFS is set as the file sharing mechanism. If both VirtioFS and gRPC are set to `true`, VirtioFS takes precedence. -- **OS compatibility:** macOS 12.5+ -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Mac only" >}} 12.5+ - **Use case:** Improve volume mount performance and compatibility. - **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **General settings** in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) + - `UseVirtualizationFrameworkVirtioFS` in `settings-store.json` or `settings.json` files - Settings Management: `useVirtualizationFrameworkVirtioFS` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Use VirtioFS for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `UseVpnkit` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Use vpnkit for Docker Desktop networking on macOS. -- **OS compatibility:** macOS -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Enable or disable vpnkit as the networking backend. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1508,11 +1603,12 @@ precedence. ## `UseWindowsContainers` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable Windows container mode in Docker Desktop. -- **OS compatibility:** Windows -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} - **Use case:** Switch between Linux and Windows container runtimes. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1521,12 +1617,13 @@ precedence. ## `VpnKitAllowedBindAddresses` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `0.0.0.0` | IP address | String | + - **Description:** Specify which local IP addresses vpnkit is allowed to bind to for handling network traffic. -- **OS compatibility:** All -- **Default value:** `0.0.0.0` -- **Accepted values:** IP address -- **Format:** String +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Restrict or allow vpnkit to bind to specific interfaces for security or debugging purposes. - **Configure this setting with:** @@ -1535,12 +1632,13 @@ security or debugging purposes. ## `VpnKitMTU` +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `1500` | Integer | Integer | + - **Description:** Set the Maximum Transmission Unit (MTU) for vpnkit’s virtual network interface. -- **OS compatibility:** All -- **Default value:** `1500` -- **Accepted values:** Integer -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Tune network performance or resolve issues with packet fragmentation when using vpnkit. - **Configure this setting with:** @@ -1549,12 +1647,13 @@ fragmentation when using vpnkit. ## `VpnKitMaxConnections` +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `2000` | Integer | Integer | + - **Description:** Set the maximum number of simultaneous network connections vpnkit can handle. -- **OS compatibility:** All -- **Default value:** `2000` -- **Accepted values:** Integer -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Control resource usage or support high-connection workloads inside containers. - **Configure this setting with:** @@ -1563,12 +1662,13 @@ inside containers. ## `VpnKitMaxPortIdleTime` +| Default value | Accepted values | Format | +|---------------|---------------------|---------| +| `300` | Integer (seconds) | Integer | + - **Description:** Maximum idle time in seconds before vpnkit closes an unused port. -- **OS compatibility:** All -- **Default value:** `300` -- **Accepted values:** Integer (seconds) -- **Format:** Integer +- **OS:** {{< badge color=blue text="All" >}} - **Use case:** Improve performance and free up unused ports by closing idle connections. - **Configure this setting with:** @@ -1577,40 +1677,42 @@ idle connections. ## `VpnKitTransparentProxy` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | + - **Description:** Enable transparent proxying in vpnkit. -- **OS compatibility:** macOS -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Seamlessly forward traffic through proxies using vpnkit. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `VpnkitCIDR` +## vpnkit CIDR + +| Default value | Accepted values | Format | +|-------------------|-----------------|--------| +| `192.168.65.0/24` | IP address | String | - **Description:** Overrides the network range used for vpnkit DHCP/DNS for `*.docker.internal`. -- **OS compatibility:** macOS -- **Default value:** `192.168.65.0/24` -- **Accepted values:** IP address -- **Format:** String +- **OS:** {{< badge color=blue text="Mac only" >}} - **Use case:** Customize the subnet used for Docker container networking. - **Configure this setting with:** - - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `VpnkitCIDR` in `settings-store.json` or `settings.json` files - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `WslDiskCompactionThresholdGb` +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `0` | Integer (GB) | Integer | + - **Description:** Minimum free disk space required to trigger WSL disk compaction. -- **OS compatibility:** Windows + WSL -- **Default value:** `0` -- **Accepted values:** Integer (GB) -- **Format:** Integer +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Automatically reclaim unused space from WSL disks. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) @@ -1618,40 +1720,43 @@ compaction. ## `WslEnableGrpcfuse` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Enable gRPC FUSE file sharing in WSL2 mode. -- **OS compatibility:** Windows + WSL -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Improve performance and compatibility for file mounts in WSL. - **Configure this setting with:** - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - `settings-store.json` or `settings.json` files -## `WslEngineEnabled` +## Enable WSL engine + +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | - **Description:** If the value is set to `true`, Docker Desktop uses the WSL2 based engine. This overrides anything that may have been set at installation using the `--backend=` flag. -- **OS compatibility:** Windows + WSL -- **Default value:** `true` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Enable Linux containers via WSL 2 backend. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - `WslEngineEnabled` in `settings-store.json` or `settings.json` files - Settings Management: `wslEngineEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - Settings Management: **Windows Subsystem for Linux (WSL) Engine** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) ## `WslInstallMode` +| Default value | Accepted values | Format | +|---------------------|--------------------------------|--------| +| `installLatestWsl` | `installLatestWsl`, `manualInstall` | String | + - **Description:** Select how Docker Desktop installs and manages WSL on Windows systems. -- **OS compatibility:** Windows + WSL -- **Default value:** `installLatestWsl` -- **Accepted values:** `installLatestWsl`, `manualInstall` -- **Format:** String +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Control whether Docker Desktop installs WSL automatically or relies on a pre-installed version. - **Configure this setting with:** @@ -1660,12 +1765,13 @@ relies on a pre-installed version. ## `WslUpdateRequired` +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | + - **Description:** Indicates whether a WSL update is required for Docker Desktop to function. -- **OS compatibility:** Windows + WSL -- **Default value:** `false` -- **Accepted values:** `true`, `false` -- **Format:** Boolean +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL - **Use case:** Internal check for platform support. - **Configure this setting with:** - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) From ff6e2186b5c4a0b6a7b285e5c557d9c511f0a15a Mon Sep 17 00:00:00 2001 From: Mathieu Champlon Date: Wed, 30 Apr 2025 08:51:03 +0200 Subject: [PATCH 03/30] Merge pull request #22512 from mat007/cve-2025-3911 Add CVE-2025-3911 to release notes of Docker Desktop 4.41 --- content/manuals/desktop/release-notes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index 986e9ba778ef..5e0114aa26eb 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md @@ -51,9 +51,10 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo - [Docker Scout CLI v1.17.1](https://github.com/docker/scout-cli/releases/tag/v1.17.1) - [Compose Bridge v0.0.19](https://github.com/docker/compose-bridge-binaries/releases/tag/v0.0.19) -### Security +### Security - Fixed [CVE-2025-3224](https://www.cve.org/CVERecord?id=CVE-2025-3224) allowing an attacker with access to a user machine to perform an elevation of privilege when Docker Desktop updates. +- Fixed [CVE-2025-3911](https://www.cve.org/CVERecord?id=CVE-2025-3911) allowing an attacker with read access to a user's machine to obtain sensitive information from Docker Desktop log files, including environment variables configured for running containers. ### Bug fixes and enhancements From 7314d33c14901eba68ac362e62462a6511724e60 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Wed, 30 Apr 2025 11:47:48 +0100 Subject: [PATCH 04/30] MR-link-fix (#22524) ## Description redirect fix ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- data/redirects.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/redirects.yml b/data/redirects.yml index 522b02e8f380..aedd6f60ea0b 100644 --- a/data/redirects.yml +++ b/data/redirects.yml @@ -297,6 +297,6 @@ # Desktop DMR -"/ai/model-runner/": +"/model-runner/": - /go/model-runner/ \ No newline at end of file From 219877f175c0fdadbc7a916ed5b296160ae325dc Mon Sep 17 00:00:00 2001 From: Bruno Sousa <107440821+bsousaa@users.noreply.github.com> Date: Wed, 30 Apr 2025 11:53:28 +0100 Subject: [PATCH 05/30] Add CVE-2025-4095 to release notes of Docker Desktop 4.41 (#22521) ## Description Add CVE-2025-4095 to release notes of Docker Desktop 4.41 ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- content/manuals/desktop/release-notes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index 5e0114aa26eb..46534cf4ec07 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md @@ -54,6 +54,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo ### Security - Fixed [CVE-2025-3224](https://www.cve.org/CVERecord?id=CVE-2025-3224) allowing an attacker with access to a user machine to perform an elevation of privilege when Docker Desktop updates. +- Fixed [CVE-2025-4095](https://www.cve.org/CVERecord?id=CVE-2025-4095) where Registry Access Management (RAM) policies were not enforced when using a MacOS configuration profile, allowing users to pull images from unapproved registries. - Fixed [CVE-2025-3911](https://www.cve.org/CVERecord?id=CVE-2025-3911) allowing an attacker with read access to a user's machine to obtain sensitive information from Docker Desktop log files, including environment variables configured for running containers. ### Bug fixes and enhancements From ebbeeab810e5868432311475ae13041dc826ce11 Mon Sep 17 00:00:00 2001 From: george Date: Wed, 30 Apr 2025 16:53:16 +0200 Subject: [PATCH 06/30] Merge pull request #22529 from gabolaev/4.41.1 add 4.41.1 notes --- content/manuals/desktop/release-notes.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index 46534cf4ec07..6e6df443d5c9 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md @@ -29,6 +29,22 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo > > If you're experiencing malware detection issues on Mac, follow the steps documented in [docker/for-mac#7527](https://github.com/docker/for-mac/issues/7527). +## 4.41.1 + +{{< release-date date="2025-04-30" >}} + +{{< desktop-install-v2 all=true beta_win_arm=true version="4.41.1" build_path="/191279/" >}} + +### Bug fixes and enhancements + +#### For all platforms + +- Fixed an issue where Docker Desktop failed to start when a proxy configuration was specified in the `admin-settings.json` file. + +#### For Windows + +- Fixed possible conflict with 3rd party tools (for example, Ollama) by avoiding placing `llama.cpp` DLLs in a directory included in the system `PATH`. + ## 4.41.0 {{< release-date date="2025-04-28" >}} From b3758072a1520200e25eb422412b050f7dc3ff85 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 30 Apr 2025 12:13:45 -0400 Subject: [PATCH 07/30] billing: pay by ach transfer (#22473) ## Description - Adds pay by bank account as payment method option - Adds new section on verifying bank account - Preview: https://deploy-preview-22473--docsdocker.netlify.app/billing/payment-method/ ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- _vale/Docker/Acronyms.yml | 1 + content/manuals/billing/cycle.md | 10 ++ content/manuals/billing/faqs.md | 1 + content/manuals/billing/payment-method.md | 123 ++++++++++++++----- content/manuals/subscription/change.md | 5 + content/manuals/subscription/manage-seats.md | 5 + 6 files changed, 115 insertions(+), 30 deletions(-) diff --git a/_vale/Docker/Acronyms.yml b/_vale/Docker/Acronyms.yml index 08a81fb0731c..476d8937d5b9 100644 --- a/_vale/Docker/Acronyms.yml +++ b/_vale/Docker/Acronyms.yml @@ -8,6 +8,7 @@ first: '\b([A-Z]{2,5})\b' second: '(?:\b[A-Z][a-z]+ )+\(([A-Z]{2,5})s?\)' # ... with the exception of these: exceptions: + - ACH - AGPL - AI - API diff --git a/content/manuals/billing/cycle.md b/content/manuals/billing/cycle.md index a8f5b2e09c5f..e3e98563ff5c 100644 --- a/content/manuals/billing/cycle.md +++ b/content/manuals/billing/cycle.md @@ -39,6 +39,11 @@ To change your billing cycle: 5. Select **Continue to payment**. 6. Verify payment information and select **Upgrade subscription**. +> [!NOTE] +> +> If you choose to pay using a US bank account, you must verify the account. For +> more information, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account). + The billing plans and usage page will now reflect your new annual plan details. {{< /tab >}} @@ -73,6 +78,11 @@ To change your organization's billing cycle: 5. Select **Continue to payment**. 6. Verify payment information and select **Upgrade subscription**. +> [!NOTE] +> +> If you choose to pay using a US bank account, you must verify the account. For +> more information, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account). + {{< /tab >}} {{< tab name="Legacy Docker plan" >}} diff --git a/content/manuals/billing/faqs.md b/content/manuals/billing/faqs.md index 4bc962db7c13..d9212c8b50f7 100644 --- a/content/manuals/billing/faqs.md +++ b/content/manuals/billing/faqs.md @@ -17,6 +17,7 @@ weight: 60 - Diners - UnionPay - Link +- ACH transfer with a [verified](manuals/billing/payment-method.md#verify-a-bank-account) US bank account ### What currency is supported? diff --git a/content/manuals/billing/payment-method.md b/content/manuals/billing/payment-method.md index cfe74510ffb5..f4c2ad3e2a96 100644 --- a/content/manuals/billing/payment-method.md +++ b/content/manuals/billing/payment-method.md @@ -17,14 +17,18 @@ You can add a payment method or update your account's existing payment method at The following payment methods are supported: -- Visa -- MasterCard -- American Express -- Discover -- JCB -- Diners -- UnionPay -- Link +- Cards + - Visa + - MasterCard + - American Express + - Discover + - JCB + - Diners + - UnionPay +- Wallets + - Stripe Link +- Bank accounts + - ACH transfer with a [verified](manuals/billing/payment-method.md#verify-a-bank-account) US bank account All currency, for example the amount listed on your billing invoice, is in United States dollar (USD). @@ -44,15 +48,26 @@ To add a payment method: 3. Select **Payment methods** from the left-hand menu. 4. Select **Add payment method**. 5. Enter your new payment information: - - If you are adding a card, fill out the card information form. - - If you are adding a Link payment, select **Secure, 1-click checkout with Link** - and enter your Link **email address** and **phone number**. If you are not - an existing Link customer, you must fill out the card information form to - store a card for Link payments. + - If you are adding a card: + - Select **Card** and fill out the card information form. + - If you are adding a Link payment: + - Select **Secure, 1-click checkout with Link** and enter your Link **email address** and **phone number**. + - If you are not an existing Link customer, you must fill out the card information form to store a card for Link payments. + - If you are adding a bank account: + - Select **US bank account**. + - Verify your **Email** and **Full name**. + - If your bank is listed, select your bank's name. + - If your bank is not listed, select **Search for your bank**. + - To verify your bank account, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account). 6. Select **Add payment method**. 7. Optional. You can set a new default payment method by selecting the **Set as default** action. 8. Optional. You can remove non-default payment methods by selecting the **Delete** action. +> [!NOTE] +> +> If you want to set a US bank account as your default payment method, you must +> verify the account first. + {{< /tab >}} {{< tab name="Legacy Docker plan" >}} @@ -64,11 +79,11 @@ To add a payment method: 4. Select the **Payment methods and billing history** link. 5. In the **Payment method** section, select **Add payment method**. 6. Enter your new payment information: - - If you are adding a card, fill out the card information form. - - IIf you are adding a Link payment, select **Secure, 1-click checkout with Link** - and enter your Link **email address** and **phone number**. If you are not - an existing Link customer, you must fill out the card information form to - store a card for Link payments. + - If you are adding a card: + - Select **Card** and fill out the card information form. + - If you are adding a Link payment: + - Select **Secure, 1-click checkout with Link** and enter your Link **email address** and **phone number**. + - If you are not an existing Link customer, you must fill out the card information form to store a card for Link payments. 7. Select **Add**. 8. Select the **Actions** icon, then select **Make default** to ensure that your new payment method applies to all purchases and subscriptions. 9. Optional. You can remove non-default payment methods by selecting the **Actions** icon. Then, select **Delete**. @@ -93,14 +108,26 @@ To add a payment method: 4. Select **Payment methods** from the left-hand menu. 5. Select **Add payment method**. 6. Enter your new payment information: - - If you are adding a card, fill out the card information form. - - If you are adding a Link payment, select **Secure, 1-click checkout with Link** - and enter your Link **email address** and **phone number**. If you are not - an existing Link customer, you must fill out the card information form to - store a card for Link payments. + - If you are adding a card: + - Select **Card** and fill out the card information form. + - If you are adding a Link payment: + - Select **Secure, 1-click checkout with Link** and enter your Link **email address** and **phone number**. + - If you are not an existing Link customer, you must fill out the card information form to store a card for Link payments. + - If you are adding a bank account: + - Select **US bank account**. + - Verify your **Email** and **Full name**. + - If your bank is listed, select your bank's name. + - If your bank is not listed, select **Search for your bank**. + - To verify your bank account, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account). 7. Select **Add payment method**. -8. Optional. You can set a new default payment method by selecting the **Set as default** action. -9. Optional. You can remove non-default payment methods by selecting the **Delete** action. +8. Select **Add payment method**. +9. Optional. You can set a new default payment method by selecting the **Set as default** action. +10. Optional. You can remove non-default payment methods by selecting the **Delete** action. + +> [!NOTE] +> +> If you want to set a US bank account as your default payment method, you must +> verify the account first. {{< /tab >}} {{< tab name="Legacy Docker plan" >}} @@ -114,11 +141,11 @@ To add a payment method: 5. Select the **Payment methods and billing history** link. 6. In the **Payment Method** section, select **Add payment method**. 7. Enter your new payment information: - - If you are adding a card, fill out the card information form. - - If you are adding a Link payment, select **Secure, 1-click checkout with Link** - and enter your Link **email address** and **phone number**. If you are not - an existing Link customer, you must fill out the card information form to - store a card for Link payments. + - If you are adding a card: + - Select **Card** and fill out the card information form. + - If you are adding a Link payment: + - Select **Secure, 1-click checkout with Link** and enter your Link **email address** and **phone number**. + - If you are not an existing Link customer, you must fill out the card information form to store a card for Link payments. 8. Select **Add payment method**. 9. Select the **Actions** icon, then select **Make default** to ensure that your new payment method applies to all purchases and subscriptions. 10. Optional. You can remove non-default payment methods by selecting the **Actions** icon. Then, select **Delete**. @@ -126,6 +153,42 @@ To add a payment method: {{< /tab >}} {{< /tabs >}} +## Verify a bank account + +There are two ways to verify a bank account as a payment method: + +- Instant verification: Docker supports several major banks for instant verification. +- Manual verification: All other banks must be verified manually. + +### Instant verification + +To verify your bank account instantly, you must sign in to your bank account +from the Docker billing flow: + +1. Choose **US bank account** as your payment method. +2. Verify your **Email** and **Full name**. +3. If your bank is listed, select your bank's name or select **Search for your bank**. +4. Sign in to your bank and review the terms and conditions. This agreement +allows Docker to debit payments from your connected bank account. +5. Select **Agree and continue**. +6. Select an account to link and verify, and select **Connect account**. + +When the account is verified, you will see a success message in the pop-up modal. + +### Manual verification + +To verify your bank account manually, you must enter the micro-deposit amount from your bank statement: + +1. Choose **US bank account** as your payment method. +2. Verify your **Email** and **First and last name**. +3. Select **Enter bank details manually instead**. +4. Enter your bank details: **Routing number** and **Account number**. +5. Select **Submit**. +6. You will receive an email with instructions on how to manually verify. + +Manual verification uses micro-deposits. You should see a small deposit +(e.g. $-0.01) in your bank account in 1-2 business days. Open your manual verification email and enter the amount of this deposit to verify your account. + ## Failed payments > [!NOTE] diff --git a/content/manuals/subscription/change.md b/content/manuals/subscription/change.md index b2e6a5d6033e..5844598f1ba2 100644 --- a/content/manuals/subscription/change.md +++ b/content/manuals/subscription/change.md @@ -46,6 +46,11 @@ To upgrade your Docker subscription: 5. Select **Upgrade**. 6. Follow the on-screen instructions to complete your upgrade. +> [!NOTE] +> +> If you choose to pay using a US bank account, you must verify the account. For +> more information, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account). + {{< /tab >}} {{< tab name="Legacy Docker plan" >}} diff --git a/content/manuals/subscription/manage-seats.md b/content/manuals/subscription/manage-seats.md index f0ec03e90269..bfe663080969 100644 --- a/content/manuals/subscription/manage-seats.md +++ b/content/manuals/subscription/manage-seats.md @@ -36,6 +36,11 @@ To add seats to your subscription: 4. Select **Add seats**. 5. Follow the on-screen instructions to complete adding seats. +> [!NOTE] +> +> If you choose to pay using a US bank account, you must verify the account. For +> more information, see [Verify a bank account](manuals/billing/payment-method.md#verify-a-bank-account). + You can now add more members to your organization. For more information, see [Manage organization members](../admin/organization/members.md). {{< /tab >}} From 5a00328660c91df3697fd2fc5b344d59c043a991 Mon Sep 17 00:00:00 2001 From: Andrey Sobolev Date: Thu, 1 May 2025 11:11:10 +0300 Subject: [PATCH 08/30] Merge pull request #22528 from duffuniverse/fix-typos-in-build-dependent-images-manual Fix typos in the Build dependent images manual --- content/manuals/compose/how-tos/dependent-images.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/manuals/compose/how-tos/dependent-images.md b/content/manuals/compose/how-tos/dependent-images.md index 238f27efb40a..d62668548acf 100644 --- a/content/manuals/compose/how-tos/dependent-images.md +++ b/content/manuals/compose/how-tos/dependent-images.md @@ -9,12 +9,12 @@ weight: 50 To reduce push/pull time and image weight, a common practice for Compose applications is to have services share base layers as much as possible. You will typically select the same operating system base image for -all services. But you also can get one step further sharing image layers when your images share the same +all services. But you can also get one step further by sharing image layers when your images share the same system packages. The challenge to address is then to avoid repeating the exact same Dockerfile instruction in all services. For illustration, this page assumes you want all your services to be built with an `alpine` base -image and install system package `openssl`. +image and install the system package `openssl`. ## Multi-stage Dockerfile @@ -161,4 +161,4 @@ Bake can also be selected as the default builder by editing your `$HOME/.docker/ } ... } -``` \ No newline at end of file +``` From e2f8dee042125c497bdf88e0aa6c91d80aaa96cb Mon Sep 17 00:00:00 2001 From: Andrey Sobolev Date: Thu, 1 May 2025 11:38:21 +0300 Subject: [PATCH 09/30] Fix typos in the "Pre-defined environment variables in Compose" manual (#22492) ## Description This pull request fixes stale Compose CLI documentation URLs and a few minor typos. --- .../compose/how-tos/environment-variables/envvars.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/manuals/compose/how-tos/environment-variables/envvars.md b/content/manuals/compose/how-tos/environment-variables/envvars.md index 88410e4ce6d9..67d5929673fa 100644 --- a/content/manuals/compose/how-tos/environment-variables/envvars.md +++ b/content/manuals/compose/how-tos/environment-variables/envvars.md @@ -50,7 +50,7 @@ Compose can set the project name in different ways. The level of precedence (fro 1. The `-p` command line flag 2. `COMPOSE_PROJECT_NAME` -3. The top level `name:` variable from the config file (or the last `name:` from +3. The top-level `name:` variable from the config file (or the last `name:` from a series of config files specified using `-f`) 4. The `basename` of the project directory containing the config file (or containing the first config file specified using `-f`) @@ -78,7 +78,7 @@ Specifies the path to a Compose file. Specifying multiple Compose files is suppo ``` The path separator can also be customized using [`COMPOSE_PATH_SEPARATOR`](#compose_path_separator). -See also the [command-line options overview](/reference/cli/docker/compose/_index.md#command-options-overview-and-help) and [using `-f` to specify name and path of one or more Compose files](/reference/cli/docker/compose/_index.md#use--f-to-specify-name-and-path-of-one-or-more-compose-files). +See also the [command-line options overview](/reference/cli/docker/compose/_index.md#command-options-overview-and-help) and [using `-f` to specify name and path of one or more Compose files](/reference/cli/docker/compose/_index.md#use--f-to-specify-the-name-and-path-of-one-or-more-compose-files). ### COMPOSE\_PROFILES @@ -86,18 +86,18 @@ Specifies one or more profiles to be enabled when `docker compose up` is run. Services with matching profiles are started as well as any services for which no profile has been defined. -For example, calling `docker compose up`with `COMPOSE_PROFILES=frontend` selects services with the +For example, calling `docker compose up` with `COMPOSE_PROFILES=frontend` selects services with the `frontend` profile as well as any services without a profile specified. If specifying multiple profiles, use a comma as a separator. -This following example enables all services matching both the `frontend` and `debug` profiles and services without a profile. +The following example enables all services matching both the `frontend` and `debug` profiles and services without a profile. ```console COMPOSE_PROFILES=frontend,debug ``` -See also [Using profiles with Compose](../profiles.md) and the [`--profile` command-line option](/reference/cli/docker/compose/_index.md#use---profile-to-specify-one-or-more-active-profiles). +See also [Using profiles with Compose](../profiles.md) and the [`--profile` command-line option](/reference/cli/docker/compose/_index.md#use-profiles-to-enable-optional-services). ### COMPOSE\_CONVERT\_WINDOWS\_PATHS @@ -179,7 +179,7 @@ When enabled, Compose displays a navigation menu where you can choose to open th - Supported values: - `true` or `1`, to enable - `false` or `0`, to disable -- Defaults to: `1` if you obtained Docker Compose through Docker Desktop, otherwise default is `0` +- Defaults to: `1` if you obtained Docker Compose through Docker Desktop, otherwise the default is `0` ### COMPOSE\_EXPERIMENTAL From d30062456ccb1fdbfbe1c9dd7af5f3c6f145aa28 Mon Sep 17 00:00:00 2001 From: Eduardo Diaz Date: Thu, 1 May 2025 10:41:59 +0200 Subject: [PATCH 10/30] Update oci-artifact.md (#22489) ## Description Included the -y option to bypass interactive confirmation in the OCI artifact documentation ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --------- Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- content/manuals/compose/how-tos/oci-artifact.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/manuals/compose/how-tos/oci-artifact.md b/content/manuals/compose/how-tos/oci-artifact.md index 33ce8042fc22..0791df4e6f6b 100644 --- a/content/manuals/compose/how-tos/oci-artifact.md +++ b/content/manuals/compose/how-tos/oci-artifact.md @@ -141,3 +141,9 @@ Do you want to continue? [y/N]: y Your compose stack "oci://registry.example.com/stack:latest" is stored in "~/Library/Caches/docker-compose/964e715660d6f6c3b384e05e7338613795f7dcd3613890cfa57e3540353b9d6d" ``` + +The `docker compose publish` command supports non-interactive execution, letting you skip the confirmation prompt by including the `-y` (or `--yes`) flag: + +```console +$ docker compose publish -y username/my-compose-app:latest +``` From 21ac2784c0471e27b0beda5c2bf9ae585f919dbf Mon Sep 17 00:00:00 2001 From: Gen Whitt <107279666+genwhittTTD@users.noreply.github.com> Date: Sun, 4 May 2025 17:11:25 -0400 Subject: [PATCH 11/30] edits to some headings x 2 (#22563) ## Description Update to additional headings: just one. General comment: best to steer away from gerunds (-ing ending) in headings. Most of the headings are not that, so, consistency is best. ## Related issues or tickets Issue 22559, second PR on that issues. ## Reviews To Sarah Sanders for review. --- data/engine-cli/docker_image_build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/engine-cli/docker_image_build.yaml b/data/engine-cli/docker_image_build.yaml index 2c7c1f28d455..eb62cfecb37c 100644 --- a/data/engine-cli/docker_image_build.yaml +++ b/data/engine-cli/docker_image_build.yaml @@ -51,7 +51,7 @@ long: |- file to exclude files and directories that you don't require in your build from being sent as part of the build context. - #### Accessing paths outside the build context + #### Access paths outside the build context The legacy builder will error out if you try to access files outside of the build context using relative paths in your Dockerfile. From a3918887e8a1d8eaa3fb7a1e7210226565c1c4a9 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Mon, 5 May 2025 16:57:06 +0100 Subject: [PATCH 12/30] ENGDOCS-2593 (#22523) ## Description ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- .../ai/mcp-catalog-and-toolkit/_index.md | 43 +++++++++ .../ai/mcp-catalog-and-toolkit/catalog.md | 94 +++++++++++++++++++ .../ai/mcp-catalog-and-toolkit/toolkit.md | 53 +++++++++++ 3 files changed, 190 insertions(+) create mode 100644 content/manuals/ai/mcp-catalog-and-toolkit/_index.md create mode 100644 content/manuals/ai/mcp-catalog-and-toolkit/catalog.md create mode 100644 content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md diff --git a/content/manuals/ai/mcp-catalog-and-toolkit/_index.md b/content/manuals/ai/mcp-catalog-and-toolkit/_index.md new file mode 100644 index 000000000000..ef550dacb32f --- /dev/null +++ b/content/manuals/ai/mcp-catalog-and-toolkit/_index.md @@ -0,0 +1,43 @@ +--- +title: Docker MCP Catalog and Toolkit +linkTitle: MCP Catalog and Toolkit +params: + sidebar: + group: AI + badge: + color: green + text: New +weight: 30 +description: Learn about Docker's MCP catalog on Docker Hub and how to use it with the MCP Toolkit extension +keywords: Docker, ai, mcp servers, ai agents, extension, docker desktop, llm, docker hub +grid: + - title: MCP Catalog + description: Learn about the benefits of the MCP Catalog, how you can use it, and how you can contribute + icon: hub + link: /ai/mcp-catalog-and-toolkit/catalog/ + - title: MCP Toolkit + description: Learn about how to use the MCP Toolkit extension on Docker Desktop + icon: manufacturing + link: /ai/mcp-catalog-and-toolkit/toolkit/ +--- + +The Model Context Protocol (MCP) is a modern standard that transforms AI agents from passive responders into action-oriented systems. By standardizing how tools are described, discovered, and invoked, MCP enables agents to securely query APIs, access data, and execute services across diverse environments. + +As agents move into production, MCP solves common integration challenges — interoperability, reliability, and security — by providing a consistent, decoupled, and scalable interface between agents and tools. Just as containers redefined software deployment, MCP is reshaping how AI systems interact with the world. + +## What is Docker MCP Catalog and Toolkit? + +Docker MCP Catalog and Toolkit is a comprehensive solution for securely building, sharing, and running MCP tools. It simplifies the developer experience across four key areas: + +- Discovery: A central catalog with verified, versioned tools +- Credential Management: OAuth-based and secure by default +- Execution: Tools run in isolated, containerized environments +- Portability: Use MCP tools across Claude, Cursor, VS Code, and more — no code changes needed + +With Docker Hub and the Docker Desktop extension, you can: + +- Launch MCP servers in seconds +- Add tools via CLI or GUI +- Rely on Docker’s pull-based infrastructure for trusted delivery + +{{< grid >}} diff --git a/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md b/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md new file mode 100644 index 000000000000..388f3925d707 --- /dev/null +++ b/content/manuals/ai/mcp-catalog-and-toolkit/catalog.md @@ -0,0 +1,94 @@ +--- +title: Docker MCP Catalog +description: Learn about the benefits of the MCP Catalog, how you can use it, and how you can contribute +keywords: docker hub, mcp, mcp servers, ai agents, calatog, docker +--- + +The [Docker MCP Catalog](https://hub.docker.com/catalogs/mcp) is a centralized, trusted registry for discovering, sharing, and running MCP-compatible tools. Seamlessly integrated into Docker Hub, it offers verified, versioned, and curated MCP servers packaged as Docker images. + +The catalog also solves common MCP server challenges: + +- Environment conflicts: Tools often need specific runtimes that may clash with existing setups. +- Lack of isolation: Traditional setups risk exposing the host system. +- Setup complexity: Manual installation and configuration result in slow adoption. +- Inconsistency across platforms: Tools may behave unpredictably on different OSes. + +With Docker, each MCP server runs as a self-contained container so it is portable, isolated, and consistent. You can launch tools instantly using Docker CLI or Docker Desktop, without worrying about dependencies or compatibility. + +## Key features + +- Over 100 verified MCP servers in one place +- Publisher verification and versioned releases +- Pull-based distribution using Docker’s infrastructure +- Tools provided by partners such as New Relic, Stripe, Grafana, and more + +## How it works + +Each tool in the MCP Catalog is packaged as a Docker image with metadata. Developers can: + +- Discover tools via Docker Hub under the mcp/ namespace. +- Connect tools to their preferred agents with simple configuration through the [MCP Toolkit](toolkit.md) +- Pull and run tools using Docker Desktop or the CLI. + +Each catalog entry provides: + +- Tool description and metadata +- Version history +- Example configuration for agent integration + +## Example: How to use an MCP server from Docker Hub + +The following example uses the Puppeteer MCP server to take a screenshot of a website and invert the colors using Claude Desktop. + +{{< tabs >}} +{{< tab name="Using the MCP Toolkit (Recommended)" >}} + +1. Make sure you have [installed the Docker Desktop Docker MCP Toolkit extension](toolkit.md). +2. From the extension, search for the Puppeteer MCP server in the **MCP Servers** tab, and toggle it on to enable. +3. From the **MCP Clients** tab, select the **Connect** button for Claude Desktop. +4. Within Claude Desktop, submit the following prompt using the Sonnet 3.5 model: + + ```text + Take a screenshot of docs.docker.com and then invert the colors + ``` + +{{< /tab >}} +{{< tab name="Manually set it up" >}} + +1. Update the `claude_desktop_config.json` file to include the following configuration: + + ```json + { + "mcpServers": { + "puppeteer": { + "command": "docker", + "args": [ + "run", + "-i", + "--rm", + "-e", + "DOCKER_CONTAINER", + "mcp/puppeteer" + ], + "env": { + "DOCKER_CONTAINER": "true" + } + } + } + } + ``` +2. Restart Claude Desktop to apply the changed config file. +3. Submit the following prompt using the Sonnet 3.5 model: + + ```text + Take a screenshot of docs.docker.com and then invert the colors + ``` + +Once you've given your consent to use the new tools, Claude spins up the Puppeteer MCP server inside a container, navigates to the target URL, captures and modify the page, and returns the screenshot. + +{{< /tab >}} +{{< /tabs >}} + +## Contribute an MCP server to the catalog + +If you would like to add you MCP server to the Docker MCP Catalog, fill out the Docker [MCP submission form](https://www.docker.com/products/mcp-catalog-and-toolkit/#get_updates). \ No newline at end of file diff --git a/content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md b/content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md new file mode 100644 index 000000000000..3af9971dbab9 --- /dev/null +++ b/content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md @@ -0,0 +1,53 @@ +--- +title: MCP Toolkit +description: +keywords: +--- + +The Docker MCP Toolkit is a Docker Desktop extension local that enables seamless setup, management, and execution of containerized MCP servers and their connections to AI agents. It removes the friction from tool usage by offering secure defaults, one-click setup, and support for a growing ecosystem of LLM-based clients. It is the fastest path from MCP tool discovery to local execution. + +## Key features + +- Cross-LLM compatibility: Works out of the box with Claude Desktop, Cursor, Continue.dev, and [Gordon](/manuals/ai/gordon/_index.md). +- Integrated tool discovery: Browse and launch MCP servers that are available in the Docker MCP Catalog, directly from Docker Desktop. +- No manual setup: Skip dependency management, runtime setup, and manual server configuration. + +## How it works + +The **MCP Servers** tab lists all available servers from the Docker MCP Catalog. Each entry includes: + +- Tool name and description +- Partner/publisher +- Number of callable tools and what they are + +To enable an MCP server, simply use the toggle switch to toggle it on. + +> [!NOTE] +> +> Some MCP servers requires secrets or tokens to be configured before it can be enabled. Instructions on how to do this can be found on each MCP servers' repository. + +The **MCP Clients** tab lets you connect your enabled MCP servers to supported agents. Connection is as simple as selecting **Connect**, so you can switch between LLM providers without altering your MCP server integrations or security configurations. + +## Installation + +To install the Docker MCP Toolkit extension: + +1. In the Docker Desktop Dashboard, select the **Extensions** view, and then select **Manage**. +2. Select the **Browse** tab and search for **Docker MCP Toolkit**. +3. On the **Docker MCP Toolkit** result, select install. + +The extension then appears under the **My extensions** tab. + +### Example + +The following example assumes you have already installed and set up Claude Desktop. + +1. In the Docker MCP Toolkit extension, search for the Puppeteer MCP server in the **MCP Servers** tab, and toggle it on to enable. +2. From the **MCP Clients** tab, select the **Connect** button for Claude Desktop. +3. Within Claude Desktop, submit the following prompt using the Sonnet 3.5 model: + + ```text + Take a screenshot of docs.docker.com and then invert the colors + ``` + +Once you've given your consent to use the new tools, Claude spins up the Puppeteer MCP server inside a container, navigates to the target URL, captures and modify the page, and returns the screenshot. \ No newline at end of file From 8593b9ab03161565907b166979a40d58ea90c039 Mon Sep 17 00:00:00 2001 From: Nicolas Beck Date: Mon, 5 May 2025 19:19:23 +0200 Subject: [PATCH 13/30] docs(ci): clarify credentials setup for DBC CI/CD (#22587) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description This PR updates the Docker Build Cloud CI documentation to clarify the setup of credentials for CI/CD pipelines. The changes include: - Renaming the section to “Setting up credentials for CI/CD” and integrating guidance on both access tokens and the required username (`DOCKER_USER`). - Explaining when to use an organization access token (OAT) versus a personal access token (PAT), and which value to use for `DOCKER_USER` in each case. - Updating the build timeout note from 2 hours to 90 minutes. ## Related issues or tickets N/A – Documentation improvement and clarification. ## Reviews - [ ] Technical review — Confirm technical accuracy of credential setup and variable usage. - [ ] Editorial review — Check for clarity, consistency, and adherence to Docker copy guidelines. - [ ] Product review — Ensure the documentation aligns with product requirements and user needs. --- content/manuals/build-cloud/ci.md | 63 +++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 20 deletions(-) diff --git a/content/manuals/build-cloud/ci.md b/content/manuals/build-cloud/ci.md index 71a709f30328..f51931381830 100644 --- a/content/manuals/build-cloud/ci.md +++ b/content/manuals/build-cloud/ci.md @@ -29,30 +29,53 @@ See [Loading build results](./usage/#loading-build-results) for details. > [!NOTE] > -> Builds on Docker Build Cloud have a timeout limit of two hours. Builds that -> run for longer than two hours are automatically cancelled. +> Builds on Docker Build Cloud have a timeout limit of 90 minutes. Builds that +> run for longer than 90 minutes are automatically cancelled. -## CI platform examples +## Setting up credentials for CI/CD -### GitHub Actions +To enable your CI/CD system to build and push images using Docker Build Cloud, provide both an access token and a username. The type of token and the username you use depend on your account type and permissions. + +- If you are an organization administrator or have permission to create [organization access tokens (OAT)](../security/for-admins/access-tokens.md), use an OAT and set `DOCKER_USER` to your Docker Hub organization name. +- If you do not have permission to create OATs or are using a personal account, use a [personal access token (PAT)](/security/for-developers/access-tokens/) and set `DOCKER_USER` to your Docker Hub username. + +### Creating access tokens + +#### For organization accounts + +If you are an organization administrator: + +1. Create an [organization access token (OAT)](../security/for-admins/access-tokens.md): + - The token must have these permissions: + - **cloud-connect** scope + - **Read public repositories** permission + - **Repository access** with **Image push** permission for the target repository: + - Expand the **Repository** drop-down. + - Select **Add repository** and choose your target repository. + - Set the **Image push** permission for the repository. + +If you are not an organization administrator: + +- Ask your organization administrator for an access token with the permissions listed above, or use a personal access token. + +#### For personal accounts + +1. Create a [personal access token (PAT)](/security/for-developers/access-tokens/): + - Create a new token with **Read & write** access. + - Note: Building with Docker Build Cloud only requires read access, but you need write access to push images to a Docker Hub repository. + + +## CI platform examples > [!NOTE] > -> Version 4.0.0 and later of `docker/build-push-action` and -> `docker/bake-action` builds images with [provenance attestations by -> default](/manuals/build/ci/github-actions/attestations.md#default-provenance). Docker -> Build Cloud automatically attempts to load images to the local image store if -> you don't explicitly push them to a registry. -> -> This results in a conflicting scenario where if you build a tagged image -> without pushing it to a registry, Docker Build Cloud attempts to load images -> containing attestations. But the local image store on the GitHub runner -> doesn't support attestations, and the image load fails as a result. +> In your CI/CD configuration, set the following variables: +> - `DOCKER_PAT` — your access token (PAT or OAT) +> - `DOCKER_USER` — your Docker Hub username (for PAT) or organization name (for OAT) > -> If you want to load images built with `docker/build-push-action` together -> with Docker Build Cloud, you must disable provenance attestations by setting -> `provenance: false` in the GitHub Action inputs (or in `docker-bake.hcl` if -> you use Bake). +> This ensures your builds authenticate correctly with Docker Build Cloud. + +### GitHub Actions ```yaml name: ci @@ -381,7 +404,7 @@ mkdir -vp ~/.docker/cli-plugins/ curl --silent -L --output ~/.docker/cli-plugins/docker-buildx $BUILDX_URL chmod a+x ~/.docker/cli-plugins/docker-buildx -# Login to Docker Hub. For security reasons $DOCKER_PAT should be a Personal Access Token. See https://docs.docker.com/security/for-developers/access-tokens/ +# Login to Docker Hub. For security reasons $DOCKER_PAT should be a Personal Access Token. See https://docs.docker.com/build-cloud/ci/#creating-access-tokens echo "$DOCKER_PAT" | docker login --username $DOCKER_USER --password-stdin # Connect to your builder and set it as the default builder @@ -426,7 +449,7 @@ curl --silent -L --output ~/.docker/cli-plugins/docker-compose $COMPOSE_URL chmod a+x ~/.docker/cli-plugins/docker-buildx chmod a+x ~/.docker/cli-plugins/docker-compose -# Login to Docker Hub. For security reasons $DOCKER_PAT should be a Personal Access Token. See https://docs.docker.com/security/for-developers/access-tokens/ +# Login to Docker Hub. For security reasons $DOCKER_PAT should be a Personal Access Token. See https://docs.docker.com/build-cloud/ci/#creating-access-tokens echo "$DOCKER_PAT" | docker login --username $DOCKER_USER --password-stdin # Connect to your builder and set it as the default builder From 178942c8da7bcfa81e3900c855a622d865b58e79 Mon Sep 17 00:00:00 2001 From: Usha Mandya Date: Tue, 6 May 2025 10:29:48 +0100 Subject: [PATCH 14/30] fix a broken link Signed-off-by: Usha Mandya --- content/manuals/ai/model-runner.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/manuals/ai/model-runner.md b/content/manuals/ai/model-runner.md index 1f8aab071af9..84898f989dd5 100644 --- a/content/manuals/ai/model-runner.md +++ b/content/manuals/ai/model-runner.md @@ -11,6 +11,7 @@ description: Learn how to use Docker Model Runner to manage and run AI models. keywords: Docker, ai, model runner, docker deskotp, llm aliases: - /desktop/features/model-runner/ + - /ai/model-runner/ --- {{< summary-bar feature_name="Docker Model Runner" >}} From 724acd40664e4b02ea4affb0a7e22e6adde6a735 Mon Sep 17 00:00:00 2001 From: Andrey Sobolev Date: Tue, 6 May 2025 16:13:34 +0300 Subject: [PATCH 15/30] Fix typos in the Resource constraints manual (#22594) --- .../engine/containers/resource_constraints.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/manuals/engine/containers/resource_constraints.md b/content/manuals/engine/containers/resource_constraints.md index 09e04a4a37e4..5f9efc616eba 100644 --- a/content/manuals/engine/containers/resource_constraints.md +++ b/content/manuals/engine/containers/resource_constraints.md @@ -69,8 +69,8 @@ You can mitigate the risk of system instability due to OOME by: Docker can enforce hard or soft memory limits. -- Hard limits lets the container use no more than a fixed amount of memory. -- Soft limits lets the container use as much memory as it needs unless certain +- Hard limits let the container use no more than a fixed amount of memory. +- Soft limits let the container use as much memory as it needs unless certain conditions are met, such as when the kernel detects low memory or contention on the host machine. @@ -162,7 +162,7 @@ a container. Consider the following scenarios: an OOM error. If the kernel memory limit is higher than the user memory limit, the kernel limit doesn't cause the container to experience an OOM. -When you enable kernel memory limits, the host machine tracks "high water mark" +When you enable kernel memory limits, the host machine tracks the "high water mark" statistics on a per-process basis, so you can track which processes (in this case, containers) are using excess memory. This can be seen per process by viewing `/proc//status` on the host machine. @@ -186,7 +186,7 @@ the container's cgroup on the host machine. | :--------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `--cpus=` | Specify how much of the available CPU resources a container can use. For instance, if the host machine has two CPUs and you set `--cpus="1.5"`, the container is guaranteed at most one and a half of the CPUs. This is the equivalent of setting `--cpu-period="100000"` and `--cpu-quota="150000"`. | | `--cpu-period=` | Specify the CPU CFS scheduler period, which is used alongside `--cpu-quota`. Defaults to 100000 microseconds (100 milliseconds). Most users don't change this from the default. For most use-cases, `--cpus` is a more convenient alternative. | -| `--cpu-quota=` | Impose a CPU CFS quota on the container. The number of microseconds per `--cpu-period` that the container is limited to before throttled. As such acting as the effective ceiling. For most use-cases, `--cpus` is a more convenient alternative. | +| `--cpu-quota=` | Impose a CPU CFS quota on the container. The number of microseconds per `--cpu-period` that the container is limited to before being throttled. As such acting as the effective ceiling. For most use-cases, `--cpus` is a more convenient alternative. | | `--cpuset-cpus` | Limit the specific CPUs or cores a container can use. A comma-separated list or hyphen-separated range of CPUs a container can use, if you have more than one CPU. The first CPU is numbered 0. A valid value might be `0-3` (to use the first, second, third, and fourth CPU) or `1,3` (to use the second and fourth CPU). | | `--cpu-shares` | Set this flag to a value greater or less than the default of 1024 to increase or reduce the container's weight, and give it access to a greater or lesser proportion of the host machine's CPU cycles. This is only enforced when CPU cycles are constrained. When plenty of CPU cycles are available, all containers use as much CPU as they need. In that way, this is a soft limit. `--cpu-shares` doesn't prevent containers from being scheduled in Swarm mode. It prioritizes container CPU resources for the available CPU cycles. It doesn't guarantee or reserve any specific CPU access. | @@ -234,7 +234,7 @@ for real-time tasks per runtime period. For instance, with the default period of containers using the real-time scheduler can run for 950000 microseconds for every 1000000-microsecond period, leaving at least 50000 microseconds available for non-real-time tasks. To make this configuration permanent on systems which use -`systemd`, create a systemd unit file for the `docker` service. For an example, +`systemd`, create a systemd unit file for the `docker` service. For example, see the instruction on how to configure the daemon to use a proxy with a [systemd unit file](../daemon/proxy.md#systemd-unit-file). @@ -343,6 +343,6 @@ environment variables. More information on valid variables can be found in the [nvidia-container-toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/docker-specialized.html) documentation. These variables can be set in a Dockerfile. -You can also use CUDA images which sets these variables automatically. See the +You can also use CUDA images, which set these variables automatically. See the official [CUDA images](https://catalog.ngc.nvidia.com/orgs/nvidia/containers/cuda) NGC catalog page. From 0e77409f23a3d1012b746db17a00edaf3d95972a Mon Sep 17 00:00:00 2001 From: fliespl Date: Wed, 1 Jan 2025 20:50:16 +0100 Subject: [PATCH 16/30] add another iptables rule to allow dns queries from container Co-authored-by: Rob Murray Co-authored-by: fliespl Signed-off-by: Sebastiaan van Stijn --- .../engine/network/packet-filtering-firewalls.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/content/manuals/engine/network/packet-filtering-firewalls.md b/content/manuals/engine/network/packet-filtering-firewalls.md index 2ca6cea12a1d..cc935a2ebaf0 100644 --- a/content/manuals/engine/network/packet-filtering-firewalls.md +++ b/content/manuals/engine/network/packet-filtering-firewalls.md @@ -126,6 +126,17 @@ the source and destination. For instance, if the Docker host has addresses `2001:db8:1111::2` and `2001:db8:2222::2`, you can make rules specific to `2001:db8:1111::2` and leave `2001:db8:2222::2` open. +You may need to allow responses from servers outside the permitted external address +ranges. For example, containers may send DNS or HTTP requests to hosts that are +not allowed to access the container's services. The following rule accepts any +incoming or outgoing packet belonging to a flow that has already been accepted +by other rules. It must be placed before `DROP` rules that restrict access from +external address ranges. + +```console +$ iptables -I DOCKER-USER -m state --state RELATED,ESTABLISHED -j ACCEPT +``` + `iptables` is complicated. There is a lot more information at [Netfilter.org HOWTO](https://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html). ### Direct routing From a7fa0f49755488b8bf01064eb0fd7450e29c37f0 Mon Sep 17 00:00:00 2001 From: George Gabolaev Date: Tue, 6 May 2025 10:02:52 +0200 Subject: [PATCH 17/30] 4.41.2 release notes --- content/manuals/desktop/release-notes.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index 6e6df443d5c9..3a3a5550bd52 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md @@ -29,6 +29,18 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo > > If you're experiencing malware detection issues on Mac, follow the steps documented in [docker/for-mac#7527](https://github.com/docker/for-mac/issues/7527). +## 4.41.2 + +{{< release-date date="2025-05-06" >}} + +{{< desktop-install-v2 all=true beta_win_arm=true version="4.41.2" build_path="/TODO/" >}} + +### Bug fixes and enhancements + +#### For all platforms + +- Fixed an issue where the `Models` menu was displayed in the GUI even when Docker Model Runner was not supported or not enabled. + ## 4.41.1 {{< release-date date="2025-04-30" >}} From e6190392d5f6464a27c2aa51b3b5cb5a8a0a33f2 Mon Sep 17 00:00:00 2001 From: george Date: Tue, 6 May 2025 19:33:19 +0200 Subject: [PATCH 18/30] add build number --- content/manuals/desktop/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md index 3a3a5550bd52..48295917df0b 100644 --- a/content/manuals/desktop/release-notes.md +++ b/content/manuals/desktop/release-notes.md @@ -33,7 +33,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo {{< release-date date="2025-05-06" >}} -{{< desktop-install-v2 all=true beta_win_arm=true version="4.41.2" build_path="/TODO/" >}} +{{< desktop-install-v2 all=true beta_win_arm=true version="4.41.2" build_path="/191736/" >}} ### Bug fixes and enhancements From 525edfa74d967b1bb3ecc04bc31296e0e1a4f9cd Mon Sep 17 00:00:00 2001 From: Andrey Sobolev Date: Wed, 7 May 2025 10:39:54 +0300 Subject: [PATCH 19/30] Merge pull request #22553 from duffuniverse/fix-typos-in-use-compose-watch-manual Fix typos in the Use Compose Watch manual --- content/manuals/compose/how-tos/file-watch.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/manuals/compose/how-tos/file-watch.md b/content/manuals/compose/how-tos/file-watch.md index 5cef4963916e..e59386d267eb 100644 --- a/content/manuals/compose/how-tos/file-watch.md +++ b/content/manuals/compose/how-tos/file-watch.md @@ -31,8 +31,8 @@ Compose supports sharing a host directory inside service containers. Watch mode More importantly, `watch` allows for greater granularity than is practical with a bind mount. Watch rules let you ignore specific files or entire directories within the watched tree. For example, in a JavaScript project, ignoring the `node_modules/` directory has two benefits: -* Performance. File trees with many small files can cause high I/O load in some configurations -* Multi-platform. Compiled artifacts cannot be shared if the host OS or architecture is different to the container +* Performance. File trees with many small files can cause a high I/O load in some configurations +* Multi-platform. Compiled artifacts cannot be shared if the host OS or architecture is different from the container For example, in a Node.js project, it's not recommended to sync the `node_modules/` directory. Even though JavaScript is interpreted, `npm` packages can contain native code that is not portable across platforms. @@ -88,12 +88,12 @@ If `action` is set to `rebuild`, Compose automatically builds a new image with B The behavior is the same as running `docker compose up --build `. -Rebuild is ideal for compiled languages or as fallbacks for modifications to particular files that require a full +Rebuild is ideal for compiled languages or as a fallback for modifications to particular files that require a full image rebuild (e.g. `package.json`). #### Sync + Restart -If `action` is set to `sync+restart`, Compose synchronizes your changes with the service containers and restarts it. +If `action` is set to `sync+restart`, Compose synchronizes your changes with the service containers and restarts them. `sync+restart` is ideal when the config file changes, and you don't need to rebuild the image but just restart the main process of the service containers. It will work well when you update a database configuration or your `nginx.conf` file, for example. From f3126d8a54462ce5cee6f97e879fbb24524dd426 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Wed, 7 May 2025 14:20:28 -0400 Subject: [PATCH 20/30] security: domain management (#22477) ## Description - Adds Domain management guide separate from Domain audit (open to discussing where else to put this) - Adds steps to add and verify a domain, removing mention of SSO ## Related issues or tickets - https://docker.atlassian.net/browse/ENGDOCS-2543 ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- .../security/for-admins/domain-management.md | 158 ++++++++++++++++++ data/summary.yaml | 3 + 2 files changed, 161 insertions(+) create mode 100644 content/manuals/security/for-admins/domain-management.md diff --git a/content/manuals/security/for-admins/domain-management.md b/content/manuals/security/for-admins/domain-management.md new file mode 100644 index 000000000000..8a2e99a454fa --- /dev/null +++ b/content/manuals/security/for-admins/domain-management.md @@ -0,0 +1,158 @@ +--- +description: Learn how to manage domains and users in the Admin Console +keywords: domain management, security, identify users, manage users +title: Domain management +weight: 55 +--- + +{{< summary-bar feature_name="Domain management" >}} + +Domain management lets you add and verify domains, and enable +auto-provisioning for users. Auto-provisioning adds users to your +organization when they sign in with an email address that matches a verified +domain. + +This simplifies user management, ensures consistent security settings, and +reduces the risk of unmanaged users accessing Docker without visibility +or control. + +## Add a domain + +1. Sign in to the [Admin Console](https://admin.docker.com/). +2. Select your organization or company from the **Choose profile** page. +If your organization is part of a company, select the company +and configure the domain for the organization at the company level. +3. Under **Security and access**, select **Domain management**. +4. Select **Add a domain**. +5. Enter your domain and select **Add domain**. +6. In the pop-up modal, copy the **TXT Record Value** to verify your domain. + +## Verify a domain + +Verifying your domain confirms that you own it. To verify, add a TXT record to +your Domain Name System (DNS) host using the value provided by Docker. This +value proves ownership and instructs your DNS to publish the record. + +It can take up to 72 hours for the DNS change to propagate. Docker automatically +checks for the record and confirms ownership once the change is recognized. + +Follow your DNS provider’s documentation to add the **TXT Record Value**. If +your provider isn't listed, use the steps for other providers. + +> [!TIP] +> +> The record name field determines where the TXT record is added in your domain +(root or subdomain). In general, refer to the following tips for +adding a record name: +> +> - Use `@` or leave the record name empty for root domains like `example.com`, +depending on your provider. +> - Don't enter values like `docker`, `docker-verification`, `www`, or your +domain name. These values may direct to the wrong place. +> +> Check your DNS provider's documentation to verify record name requirements. + +{{< tabs >}} +{{< tab name="AWS Route 53" >}} + +1. To add your TXT record to AWS, see [Creating records by using the Amazon Route 53 console](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html). +2. TXT record verification can take 72 hours. Once you have waited for +TXT record verification, return to the **Domain management** page of the +[Admin Console](https://app.docker.com/admin) and select **Verify** next to +your domain name. + +{{< /tab >}} +{{< tab name="Google Cloud DNS" >}} + +1. To add your TXT record to Google Cloud DNS, see [Verifying your domain with a TXT record](https://cloud.google.com/identity/docs/verify-domain-txt). +2. TXT record verification can take 72 hours. Once you have waited for TXT +record verification, return to the **Domain management** page of the +[Admin Console](https://app.docker.com/admin) and select **Verify** next to +your domain name. + +{{< /tab >}} +{{< tab name="GoDaddy" >}} + +1. To add your TXT record to GoDaddy, see [Add a TXT record](https://www.godaddy.com/help/add-a-txt-record-19232). +2. TXT record verification can take 72 hours. Once you have waited for TXT +record verification, return to the **Domain management** page of the +[Admin Console](https://app.docker.com/admin) and select **Verify** next to your +domain name. + +{{< /tab >}} +{{< tab name="Other providers" >}} + +1. Sign in to your domain host. +2. Add a TXT record to your DNS settings and save the record. +3. TXT record verification can take 72 hours. Once you have waited for TXT +record verification, return to the **Domain management** page of the +[Admin Console](https://app.docker.com/admin) and select **Verify** next to +your domain name. + +{{< /tab >}} +{{< /tabs >}} + +## Delete a domain + +Deleting a domain removes the assigned TXT record value. To delete a domain: + +1. Sign in to the [Admin Console](https://admin.docker.com/). +2. Select your organization or company from the **Choose profile** page. +If your organization is part of a company, select the company +and configure the domain for the organization at the company level. +3. Under **Security and access**, select **Domain management**. +4. For the domain you want to delete, section the **Actions** menu, then +**Delete domain**. +5. To confirm, select **Delete domain** in the pop-up modal. + +## Auto-provisioning + +You must add and verify a domain before enabling auto-provisioning. This +confirms your organization owns the domain. Once a domain is verified, +Docker can automatically associate matching users with your organization. +Auto-provisioning does not require an SSO connection. + +> [!IMPORTANT] +> +> For domains that are part of an SSO connection, Just-in-Time (JIT) overrides +auto-provisioning to add users to an organization. + +### How it works + +When auto-provisioning is enabled for a verified domain, the next time a user +signs into Docker with an email address that is associated with your verified +domain, they are automatically added to your organization. Auto-provisioning +does not create accounts for new users, it adds existing unassociated users to +your organization. Users will *not* experience any sign in or user experience +changes. + +When a new user is auto-provisioned, company and organization owners will +receive an email notifying them that a new user has been added to their +organization. If you need to add more seats to your organization to +to accomodate new users, see [Manage seats](/manuals/subscription/manage-seats.md). + +### Enable auto-provisioning + +Auto-provisioning is enabled per user. To enable +auto-provisioning: + +1. Open the [Admin Console](https://app.docker.com/admin). +2. Select **Domain management** from the left-hand navigation. +3. Select the **Actions menu** next to the user you want to enable +auto-provisioning for. +4. Select **Enable auto-provisioning**. +5. Optional. If enabling auto-provisioning at the company level, select an +organization for the user. +6. Select **Enable** to confirm. + +The **Auto-provisioning** column will update to **Enabled**. + +### Disable auto-provisioning + +To disable auto-provisioning for a user: + +1. Open the [Admin Console](https://app.docker.com/admin). +2. Select **Domain management** from the left-hand navigation. +3. Select the **Actions menu** next to your user. +4. Select **Disable auto-provisioning**. +5. Select **Disable**. diff --git a/data/summary.yaml b/data/summary.yaml index 3f5953caf82b..01f870c28e66 100644 --- a/data/summary.yaml +++ b/data/summary.yaml @@ -165,6 +165,9 @@ Docker Scout Mount Permissions: Domain audit: subscription: [Business] for: Administrators +Domain management: + subscription: [Business] + for: Administrators Enforce sign-in: subscription: [Business] for: Administrators From c4aa3a4705c286021de7287d658174ca55810ba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lio=E6=9D=8E=E6=AD=90?= Date: Thu, 8 May 2025 00:40:11 -0700 Subject: [PATCH 21/30] Update model-runner.md: replace hyphens (#22603) ## Description This makes the resulting env vars `AI_RUNNER_URL` and `AI_RUNNER_MODEL` actually accessible in different languages. ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --- content/manuals/compose/how-tos/model-runner.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/content/manuals/compose/how-tos/model-runner.md b/content/manuals/compose/how-tos/model-runner.md index 36d27b2b7eba..2a7fca43ca83 100644 --- a/content/manuals/compose/how-tos/model-runner.md +++ b/content/manuals/compose/how-tos/model-runner.md @@ -33,21 +33,21 @@ services: chat: image: my-chat-app depends_on: - - ai-runner + - ai_runner - ai-runner: + ai_runner: provider: type: model options: model: ai/smollm2 ``` -Notice the dedicated `provider` attribute in the `ai-runner` service. +Notice the dedicated `provider` attribute in the `ai_runner` service. This attribute specifies that the service is a model provider and lets you define options such as the name of the model to be used. There is also a `depends_on` attribute in the `chat` service. -This attribute specifies that the `chat` service depends on the `ai-runner` service. -This means that the `ai-runner` service will be started before the `chat` service to allow injection of model information to the `chat` service. +This attribute specifies that the `chat` service depends on the `ai_runner` service. +This means that the `ai_runner` service will be started before the `chat` service to allow injection of model information to the `chat` service. ## How it works @@ -56,8 +56,8 @@ It also sends Compose the model tag name and the URL to access the model runner. This information is then passed to services which declare a dependency on the model provider. In the example above, the `chat` service receives 2 environment variables prefixed by the service name: - - `AI-RUNNER_URL` with the URL to access the model runner - - `AI-RUNNER_MODEL` with the model name which could be passed with the URL to request the model. + - `AI_RUNNER_URL` with the URL to access the model runner + - `AI_RUNNER_MODEL` with the model name which could be passed with the URL to request the model. This lets the `chat` service to interact with the model and use it for its own purposes. From 1de631c45b3bfc2fa843a1fa3d50c5d6a1f6af58 Mon Sep 17 00:00:00 2001 From: Guillaume Lours <705411+glours@users.noreply.github.com> Date: Thu, 8 May 2025 09:56:01 +0200 Subject: [PATCH 22/30] release-notes for Compose v2.36.0 version (#22600) ## Description Add release notes for Compose version `v2.36.0` ## Related issues or tickets https://docker.atlassian.net/browse/APCLI-1117 ## Reviews - [ ] Technical review - [x] Editorial review - [ ] Product review Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com> --- .../v2/docs/reference/compose_build.md | 1 + .../v2/docs/reference/compose_config.md | 2 +- .../docs/reference/docker_compose_build.yaml | 10 ++++++++++ .../docs/reference/docker_compose_config.yaml | 1 - _vendor/modules.txt | 6 +++--- .../manuals/compose/releases/release-notes.md | 19 +++++++++++++++++++ go.mod | 8 ++++---- go.sum | 2 ++ hugo.yaml | 2 +- 9 files changed, 41 insertions(+), 10 deletions(-) diff --git a/_vendor/github.com/docker/compose/v2/docs/reference/compose_build.md b/_vendor/github.com/docker/compose/v2/docs/reference/compose_build.md index 98d573e44c38..5589a46934c6 100644 --- a/_vendor/github.com/docker/compose/v2/docs/reference/compose_build.md +++ b/_vendor/github.com/docker/compose/v2/docs/reference/compose_build.md @@ -17,6 +17,7 @@ run `docker compose build` to rebuild it. |:----------------------|:--------------|:--------|:------------------------------------------------------------------------------------------------------------| | `--build-arg` | `stringArray` | | Set build-time variables for services | | `--builder` | `string` | | Set builder to use | +| `--check` | `bool` | | Check build configuration | | `--dry-run` | `bool` | | Execute command in dry run mode | | `-m`, `--memory` | `bytes` | `0` | Set memory limit for the build container. Not supported by BuildKit. | | `--no-cache` | `bool` | | Do not use cache when building the image | diff --git a/_vendor/github.com/docker/compose/v2/docs/reference/compose_config.md b/_vendor/github.com/docker/compose/v2/docs/reference/compose_config.md index 9e87efd29cbc..78c1835a5278 100644 --- a/_vendor/github.com/docker/compose/v2/docs/reference/compose_config.md +++ b/_vendor/github.com/docker/compose/v2/docs/reference/compose_config.md @@ -15,7 +15,7 @@ the canonical format. |:--------------------------|:---------|:--------|:----------------------------------------------------------------------------| | `--dry-run` | `bool` | | Execute command in dry run mode | | `--environment` | `bool` | | Print environment used for interpolation. | -| `--format` | `string` | `yaml` | Format the output. Values: [yaml \| json] | +| `--format` | `string` | | Format the output. Values: [yaml \| json] | | `--hash` | `string` | | Print the service config hash, one per line. | | `--images` | `bool` | | Print the image names, one per line. | | `--no-consistency` | `bool` | | Don't check model consistency - warning: may produce invalid Compose output | diff --git a/_vendor/github.com/docker/compose/v2/docs/reference/docker_compose_build.yaml b/_vendor/github.com/docker/compose/v2/docs/reference/docker_compose_build.yaml index 3f53dcf73628..1197d5314c47 100644 --- a/_vendor/github.com/docker/compose/v2/docs/reference/docker_compose_build.yaml +++ b/_vendor/github.com/docker/compose/v2/docs/reference/docker_compose_build.yaml @@ -33,6 +33,16 @@ options: experimentalcli: false kubernetes: false swarm: false + - option: check + value_type: bool + default_value: "false" + description: Check build configuration + deprecated: false + hidden: false + experimental: false + experimentalcli: false + kubernetes: false + swarm: false - option: compress value_type: bool default_value: "true" diff --git a/_vendor/github.com/docker/compose/v2/docs/reference/docker_compose_config.yaml b/_vendor/github.com/docker/compose/v2/docs/reference/docker_compose_config.yaml index 15b1e7dc3989..7ec479b2000b 100644 --- a/_vendor/github.com/docker/compose/v2/docs/reference/docker_compose_config.yaml +++ b/_vendor/github.com/docker/compose/v2/docs/reference/docker_compose_config.yaml @@ -21,7 +21,6 @@ options: swarm: false - option: format value_type: string - default_value: yaml description: 'Format the output. Values: [yaml | json]' deprecated: false hidden: false diff --git a/_vendor/modules.txt b/_vendor/modules.txt index ca334bf0d1a8..1a4ad2197dfa 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby v28.1.0-rc.2+incompatible -# github.com/moby/buildkit v0.21.0 +# github.com/moby/buildkit v0.21.1 # github.com/docker/buildx v0.23.0 -# github.com/docker/cli v28.1.0+incompatible -# github.com/docker/compose/v2 v2.35.1 +# github.com/docker/cli v28.1.1+incompatible +# github.com/docker/compose/v2 v2.36.0 # github.com/docker/scout-cli v1.15.0 diff --git a/content/manuals/compose/releases/release-notes.md b/content/manuals/compose/releases/release-notes.md index b90bed1afe75..a37c97ff2048 100644 --- a/content/manuals/compose/releases/release-notes.md +++ b/content/manuals/compose/releases/release-notes.md @@ -13,6 +13,25 @@ aliases: For more detailed information, see the [release notes in the Compose repo](https://github.com/docker/compose/releases/). +## 2.36.0 + +{{< release-date date="2025-05-07" >}} + +### Bug fixes and enhancements + +- Introduced `networks.interface_name` +- Added support for `COMPOSE_PROGRESS` env variable +- Added `service.provider` to external binaries +- Introduced build `--check` flag +- Fixed multiple panic issues when parsing Compose files + +### Update + +- Dependencies upgrade: bump compose-go to v2.6.2 +- Dependencies upgrade: bump docker engine and cli to v28.1.0 +- Dependencies upgrade: bump containerd to 2.0.5 +- Dependencies upgrade: bump buildkit to v0.21.1 + ## 2.35.1 {{< release-date date="2025-04-17" >}} diff --git a/go.mod b/go.mod index 155f635ef101..26a9c60f1984 100644 --- a/go.mod +++ b/go.mod @@ -6,17 +6,17 @@ toolchain go1.24.1 require ( github.com/docker/buildx v0.23.0 // indirect - github.com/docker/cli v28.1.0+incompatible // indirect - github.com/docker/compose/v2 v2.35.1 // indirect + github.com/docker/cli v28.1.1+incompatible // indirect + github.com/docker/compose/v2 v2.36.0 // indirect github.com/docker/scout-cli v1.15.0 // indirect - github.com/moby/buildkit v0.21.0 // indirect + github.com/moby/buildkit v0.21.1 // indirect github.com/moby/moby v28.1.0-rc.2+incompatible // indirect ) replace ( github.com/docker/buildx => github.com/docker/buildx v0.23.0 github.com/docker/cli => github.com/docker/cli v28.1.0-rc.2+incompatible - github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.35.1 + github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.36.0 github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0 github.com/moby/buildkit => github.com/moby/buildkit v0.20.0 github.com/moby/moby => github.com/moby/moby v28.1.0-rc.2+incompatible diff --git a/go.sum b/go.sum index e0d9918a4407..8e4053f2ce26 100644 --- a/go.sum +++ b/go.sum @@ -231,6 +231,8 @@ github.com/docker/compose/v2 v2.35.0 h1:bU23OeFrbGyHYrKijMSEwkOeDg2TLhAGntU2F3hw github.com/docker/compose/v2 v2.35.0/go.mod h1:S5ejUILn9KTYC6noX3IxznWu3/sb3FxdZqIYbq4seAk= github.com/docker/compose/v2 v2.35.1 h1:oRt5EE22een6DEAkNNQcuzJGhBS2rcMtEKdbfMhFIgk= github.com/docker/compose/v2 v2.35.1/go.mod h1:Ydd9ceg7VBOPSVAsDDKfyGGAkjejH3cD91GSmHjuRhI= +github.com/docker/compose/v2 v2.36.0 h1:MACSfQ2xqcwgCwAtsHVoQkFbHi2nNfNAsd5EWFg164k= +github.com/docker/compose/v2 v2.36.0/go.mod h1:kFPppTinl2Q0Lv3Dy9titIL41oWYoUkNxoKQZb/lfSU= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= diff --git a/hugo.yaml b/hugo.yaml index 3250af12955a..fb1c962215aa 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -140,7 +140,7 @@ params: # (Used to show e.g., "latest" and "latest"-1 in engine install examples docker_ce_version_prev: "28.1.0" # Latest Docker Compose version - compose_version: "v2.35.1" + compose_version: "v2.36.0" # Latest BuildKit version buildkit_version: "0.21.0" From 3097d412309667160ce21a8cdadbcdd2aa3b8ffe Mon Sep 17 00:00:00 2001 From: Guillaume Lours <705411+glours@users.noreply.github.com> Date: Thu, 8 May 2025 10:02:08 +0200 Subject: [PATCH 23/30] add how-to page explaining usage of Compose provider services (#22586) ## Description Add how-to page for Compose provider services explaining usage and configuration of this new feature allowing extending Compose behaviour ## Related issues or tickets https://docker.atlassian.net/browse/APCLI-1091 ## Reviews - [x] Technical review - [x] Editorial review - [ ] Product review --------- Signed-off-by: Guillaume Lours <705411+glours@users.noreply.github.com> Co-authored-by: Nicolas De loof Co-authored-by: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> --- .../compose/how-tos/provider-services.md | 125 ++++++++++++++++++ data/summary.yaml | 2 + 2 files changed, 127 insertions(+) create mode 100644 content/manuals/compose/how-tos/provider-services.md diff --git a/content/manuals/compose/how-tos/provider-services.md b/content/manuals/compose/how-tos/provider-services.md new file mode 100644 index 000000000000..fa1ddbb3dad7 --- /dev/null +++ b/content/manuals/compose/how-tos/provider-services.md @@ -0,0 +1,125 @@ +--- +title: Use provider services +description: Learn how to use provider services in Docker Compose to integrate external capabilities into your applications +keywords: compose, docker compose, provider, services, platform capabilities, integration, model runner, ai +weight: 112 +params: + sidebar: + badge: + color: green + text: New +--- + +{{< summary-bar feature_name="Compose provider services" >}} + +Docker Compose supports provider services, which allow integration with services whose lifecycles are managed by third-party components rather than by Compose itself. +This feature enables you to define and utilize platform-specific services without the need for manual setup or direct lifecycle management. + + +## What are provider services? + +Provider services are a special type of service in Compose that represents platform capabilities rather than containers. +They allow you to declare dependencies on specific platform features that your application needs. + +When you define a provider service in your Compose file, Compose works with the platform to provision and configure +the requested capability, making it available to your application services. + +## Using provider services + +To use a provider service in your Compose file, you need to: + +1. Define a service with the `provider` attribute +2. Specify the `type` of provider you want to use +3. Configure any provider-specific options +4. Declare dependencies from your application services to the provider service + +Here's a basic example: + +```yaml +services: + database: + provider: + type: awesomecloud + options: + type: mysql + foo: bar + app: + image: myapp + depends_on: + - database +``` + +Notice the dedicated `provider` attribute in the `database` service. +This attribute specifies that the service is managed by a provider and lets you define options specific to that provider type. + +The `depends_on` attribute in the `app` service specifies that it depends on the `database` service. +This means that the `database` service will be started before the `app` service, allowing the provider information +to be injected into the `app` service. + +## How it works + +During the `docker compose up` command execution, Compose identifies services relying on providers and works with them to provision +the requested capabilities. The provider then populates Compose model with information about how to access the provisioned resource. + +This information is passed to services that declare a dependency on the provider service, typically through environment +variables. The naming convention for these variables is: + +```env +<>_<> +``` + +For example, if your provider service is named `database`, your application service might receive environment variables like: + +- `DATABASE_URL` with the URL to access the provisioned resource +- `DATABASE_TOKEN` with an authentication token +- Other provider-specific variables + +Your application can then use these environment variables to interact with the provisioned resource. + +## Provider types + +The `type` field in a provider service references the name of either: + +1. A Docker CLI plugin (e.g., `docker-model`) +2. A binary available in the user's PATH + +When Compose encounters a provider service, it looks for a plugin or binary with the specified name to handle the provisioning of the requested capability. + +For example, if you specify `type: model`, Compose will look for a Docker CLI plugin named `docker-model` or a binary named `model` in the PATH. + +```yaml +services: + ai-runner: + provider: + type: model # Looks for docker-model plugin or model binary + options: + model: ai/example-model +``` + +The plugin or binary is responsible for: + +1. Interpreting the options provided in the provider service +2. Provisioning the requested capability +3. Returning information about how to access the provisioned resource + +This information is then passed to dependent services as environment variables. + +## Benefits of using provider services + +Using provider services in your Compose applications offers several benefits: + +1. Simplified configuration: You don't need to manually configure and manage platform capabilities +2. Declarative approach: You can declare all your application's dependencies in one place +3. Consistent workflow: You use the same Compose commands to manage your entire application, including platform capabilities + +## Creating your own provider + +If you want to create your own provider to extend Compose with custom capabilities, you can implement a Compose plugin that registers provider types. + +For detailed information on how to create and implement your own provider, refer to the [Compose Extensions documentation](https://github.com/docker/compose/blob/main/docs/extension.md). +This guide explains the extension mechanism that allows you to add new provider types to Compose. + +## Reference + +- [Docker Model Runner documentation](/manuals/ai/model-runner.md) +- [Compose Extensions documentation](https://github.com/docker/compose/blob/main/docs/extension.md) \ No newline at end of file diff --git a/data/summary.yaml b/data/summary.yaml index 01f870c28e66..5246f3899d9f 100644 --- a/data/summary.yaml +++ b/data/summary.yaml @@ -109,6 +109,8 @@ Compose model runner: requires: Docker Compose [2.35.0](/manuals/compose/releases/release-notes.md#2300) and later, and Docker Desktop 4.41 and later Compose OCI artifact: requires: Docker Compose [2.34.0](/manuals/compose/releases/release-notes.md#2340) and later +Compose provider services: + requires: Docker Compose [2.36.0](/manuals/compose/releases/release-notes.md) and later Compose replace file: requires: Docker Compose [2.24.4](/manuals/compose/releases/release-notes.md#2244) and later Compose required: From 7d7b3e939b8424a3513ff8eaf364839dfdb8a1f0 Mon Sep 17 00:00:00 2001 From: Rob Murray Date: Thu, 1 May 2025 10:59:07 +0100 Subject: [PATCH 24/30] Update warning about ports published to 127.0.0.1 Fixed in 28.0.0 - aligning with packet-filtering-firewalls.md. Signed-off-by: Rob Murray --- content/manuals/engine/network/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/manuals/engine/network/_index.md b/content/manuals/engine/network/_index.md index 048834851b57..97583dfe8af1 100644 --- a/content/manuals/engine/network/_index.md +++ b/content/manuals/engine/network/_index.md @@ -160,8 +160,8 @@ Here are some examples: > > > [!WARNING] > > -> > Hosts within the same L2 segment (for example, hosts connected to the same -> > network switch) can reach ports published to localhost. +> > In releases older than 28.0.0, hosts within the same L2 segment (for example, +> > hosts connected to the same network switch) can reach ports published to localhost. > > For more information, see > > [moby/moby#45610](https://github.com/moby/moby/issues/45610) From 874c4179ca96708044a01b4c28ce0a864e6bbc6f Mon Sep 17 00:00:00 2001 From: Rob Murray Date: Wed, 7 May 2025 14:54:40 +0100 Subject: [PATCH 25/30] Update text about direct routing Since 28.0.0, direct access to container ports from outside the host has been blocked. Signed-off-by: Rob Murray --- .../manuals/engine/network/packet-filtering-firewalls.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/manuals/engine/network/packet-filtering-firewalls.md b/content/manuals/engine/network/packet-filtering-firewalls.md index cc935a2ebaf0..99f28b38df99 100644 --- a/content/manuals/engine/network/packet-filtering-firewalls.md +++ b/content/manuals/engine/network/packet-filtering-firewalls.md @@ -234,14 +234,14 @@ $ docker run --network=mynet -p 8080:80 myimage ``` Then: -- Only container port 80 will be open, for IPv4 and IPv6. It is accessible - from anywhere, if there is routing to the container's address, and access - is not blocked by the host's firewall. +- Only container port 80 will be open, for IPv4 and IPv6. - For IPv6, using `routed` mode, port 80 will be open on the container's IP address. Port 8080 will not be opened on the host's IP addresses, and outgoing packets will use the container's IP address. - For IPv4, using the default `nat` mode, the container's port 80 will be - accessible via port 8080 on the host's IP addresses, as well as directly. + accessible via port 8080 on the host's IP addresses, as well as directly + from within the Docker host. But, container port 80 cannot be accessed + directly from outside the host. Connections originating from the container will masquerade, using the host's IP address. From e0acf4945b6595c2f1989380b22f794dfbf3d1c3 Mon Sep 17 00:00:00 2001 From: Allie Sadler <102604716+aevesdocker@users.noreply.github.com> Date: Thu, 8 May 2025 16:09:16 +0100 Subject: [PATCH 26/30] ENGDOCS-2595 (#22530) ## Description Adds docs on DD on Microsoft Dev Box ## Related issues or tickets ## Reviews - [ ] Technical review - [ ] Editorial review - [ ] Product review --------- Co-authored-by: Sarah Sanders --- content/manuals/desktop/features/dev-box.md | 55 +++++++++++++++++++++ content/manuals/desktop/setup/vm-vdi.md | 4 ++ 2 files changed, 59 insertions(+) create mode 100644 content/manuals/desktop/features/dev-box.md diff --git a/content/manuals/desktop/features/dev-box.md b/content/manuals/desktop/features/dev-box.md new file mode 100644 index 000000000000..31f7b7822cd9 --- /dev/null +++ b/content/manuals/desktop/features/dev-box.md @@ -0,0 +1,55 @@ +--- +Title: Docker Desktop in Microsoft Dev Box +description: Learn about the benefits of and how to setup Docker Desktop in Microsoft Dev Box +keywords: desktop, docker, windows, microsoft dev box +--- + +Docker Desktop is available as a pre-configured image in the Microsoft Azure Marketplace for use with Microsoft Dev Box, allowing developers to quickly set up consistent development environments in the cloud. + +Microsoft Dev Box provides cloud-based, pre-configured developer workstations that allow you to code, build, and test applications without configuring a local development environment. The Docker Desktop image for Microsoft Dev Box comes with Docker Desktop and its dependencies pre-installed, giving you a ready-to-use containerized development environment. + +## Key benefits + +- Pre-configured environment: Docker Desktop, WSL2, and other requirements come pre-installed and configured +- Consistent development: Ensure all team members work with the same Docker environment +- Powerful resources: Access more compute power and storage than might be available on local machines +- State persistence: Dev Box maintains your state between sessions, similar to hibernating a local machine +- Seamless licensing: Use your existing Docker subscription or purchase a new one directly through Azure Marketplace + +## Setup + +### Prerequisites + +- An Azure subscription +- Access to Microsoft Dev Box +- A Docker subscription (Pro, Team, or Business). You can use Docker Desktop in Microsoft Dev Box with any of the following subscription options: + - An existing or new Docker subscription + - A new Docker subscription purchased through Azure Marketplace + - A Docker Business subscription with SSO configured for your organization + +### Set up Docker Desktop in Dev Box + +1. Navigate to the [Docker Desktop for Microsoft Dev Box](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/dockerinc1694120899427.devbox_azuremachine?tab=Overview) listing in Azure Marketplace. +2. Select **Get It Now** to add the virtual machine image to your subscription. +3. Follow the Azure workflow to complete the setup. +4. Use the image to create VMs, assign to Dev Centers, or create Dev Box Pools according to your organization's setup. + +### Activate Docker Desktop + +Once your Dev Box is provisioned with the Docker Desktop image: + +1. Start your Dev Box instance. +2. Launch Docker Desktop. +3. Sign in with your Docker ID. + +## Support + +For issues related to: + +- Docker Desktop configuration, usage, or licensing: Create a support ticket through [Docker Support](https://hub.docker.com/support). +- Dev Box creation, Azure portal configuration, or networking: Contact Azure Support. + +## Limitations + +- Microsoft Dev Box is currently only available on Windows 10 and 11 (Linux VMs are not supported). +- Performance may vary based on your Dev Box configuration and network conditions. diff --git a/content/manuals/desktop/setup/vm-vdi.md b/content/manuals/desktop/setup/vm-vdi.md index 37333024258e..b51978247761 100644 --- a/content/manuals/desktop/setup/vm-vdi.md +++ b/content/manuals/desktop/setup/vm-vdi.md @@ -64,3 +64,7 @@ Docker Desktop follows the VDI support definitions outlined [previously](#virtua ### Support scope and responsibilities For WSL 2-related issues, contact Nutanix support. For Docker Desktop-specific issues, contact Docker support. + +## Aditional resources + +- [Docker Desktop on Microsoft Dev Box](/manuals/desktop/features/dev-box.md) \ No newline at end of file From 44facb8931d7dac430d8473180e5bc217cb7b386 Mon Sep 17 00:00:00 2001 From: Cesar Talledo Date: Thu, 8 May 2025 14:18:59 -0700 Subject: [PATCH 27/30] Expand documentation on the KubernetesImagesRepository setting. (#22589) ## Description Provide our users more help on this setting. Place the info in the Kubernetes feature section, and link to it from the admin-settings description for KubernetesImagesRepository. ## Reviews - [ ] Technical review - [X] Editorial review - [ ] Product review Signed-off-by: Cesar Talledo --- .../manuals/desktop/features/kubernetes.md | 106 ++++++++++++++++-- .../configure-json-file.md | 6 +- 2 files changed, 101 insertions(+), 11 deletions(-) diff --git a/content/manuals/desktop/features/kubernetes.md b/content/manuals/desktop/features/kubernetes.md index 1a7f77313e15..6319a7955a2e 100644 --- a/content/manuals/desktop/features/kubernetes.md +++ b/content/manuals/desktop/features/kubernetes.md @@ -81,14 +81,6 @@ The following table summarizes this comparison. | Works with containerd image store | Yes | Yes | | Works with Docker image store | Yes | No | -### Additional settings - -#### Viewing system containers - -By default, Kubernetes system containers are hidden. To inspect these containers, enable **Show system containers (advanced)**. - -You can now view the running Kubernetes containers with `docker ps` or in the Docker Desktop Dashboard. - ## Using the kubectl command Kubernetes integration automatically installs the Kubernetes CLI command @@ -131,6 +123,104 @@ For more information about `kubectl`, see the Kubernetes clusters are not automatically upgraded with Docker Desktop updates. To upgrade the cluster, you must manually select **Reset Kubernetes Cluster** in settings. +## Additional settings + +### Viewing system containers + +By default, Kubernetes system containers are hidden. To inspect these containers, enable **Show system containers (advanced)**. + +You can now view the running Kubernetes containers with `docker ps` or in the Docker Desktop Dashboard. + +### Configuring a custom image registry for Kubernetes control plane images + +Docker Desktop uses containers to run the Kubernetes control plane. By default, Docker Desktop pulls +the associated container images from Docker Hub. The images pulled depend on the [cluster provisioning mode](#cluster-provisioning-method). + +For example, in `kind` mode it requires the following images: + +```console +docker.io/kindest/node: +docker.io/docker/desktop-cloud-provider-kind: +docker.io/docker/desktop-containerd-registry-mirror: +``` + +In `kubeadm` mode it requires the following images: + +```console +docker.io/registry.k8s.io/kube-controller-manager: +docker.io/registry.k8s.io/kube-apiserver: +docker.io/registry.k8s.io/kube-scheduler: +docker.io/registry.k8s.io/kube-proxy +docker.io/registry.k8s.io/etcd: +docker.io/registry.k8s.io/pause: +docker.io/registry.k8s.io/coredns/coredns: +docker.io/docker/desktop-storage-provisioner: +docker.io/docker/desktop-vpnkit-controller: +docker.io/docker/desktop-kubernetes: +``` + +The image tags are automatically selected by Docker Desktop based on several +factors, including the version of Kubernetes being used. The tags vary for each image. + +To accommodate scenarios where access to Docker Hub is not allowed, admins can +configure Docker Desktop to pull the above listed images from a different registry (e.g., a mirror) +using the [KubernetesImagesRepository](../../security/for-admins/hardened-desktop/settings-management/configure-json-file.md#kubernetes) setting as follows. + +An image name can be broken into `[registry[:port]/][namespace/]repository[:tag]` components. +The `KubernetesImagesRepository` setting allows users to override the `[registry[:port]/][namespace]` +portion of the image's name. + +For example, if Docker Desktop Kubernetes is configured in `kind` mode and +`KubernetesImagesRepository` is set to `my-registry:5000/kind-images`, then +Docker Desktop will pull the images from: + +```console +my-registry:5000/kind-images/node: +my-registry:5000/kind-images/desktop-cloud-provider-kind: +my-registry:5000/kind-images/desktop-containerd-registry-mirror: +``` + +These images should be cloned/mirrored from their respective images in Docker Hub. The tags must +also match what Docker Desktop expects. + +The recommended approach to set this up is the following: + +1) Start Docker Desktop. + +2) In Settings > Kubernetes, enable the *Show system containers* setting. + +3) In Settings > Kubernetes, start Kubernetes using the desired cluster provisioning method: `kubeadm` or `kind`. + +4) Wait for Kubernetes to start. + +5) Use `docker ps` to view the container images used by Docker Desktop for the Kubernetes control plane. + +6) Clone or mirror those images (with matching tags) to your custom registry. + +7) Stop the Kubernetes cluster. + +8) Configure the `KubernetesImagesRepository` setting to point to your custom registry. + +9) Restart Docker Desktop. + +10) Verify that the Kubernetes cluster is using the custom registry images using the `docker ps` command. + +> [!NOTE] +> +> The `KubernetesImagesRepository` setting only applies to control plane images used by Docker Desktop +> to set up the Kubernetes cluster. It has no effect on other Kubernetes pods. + +> [!NOTE] +> +> When using `KubernetesImagesRepository` and [Enhanced Container Isolation (ECI)](../../security/for-admins/hardened-desktop/enhanced-container-isolation/_index.md) +> is enabled, add the following images to the [ECI Docker socket mount image list](../../security/for-admins/hardened-desktop/settings-management/configure-json-file.md#enhanced-container-isolation): +> +> * [imagesRepository]/desktop-cloud-provider-kind:* +> * [imagesRepository]/desktop-containerd-registry-mirror:* +> +> These containers mount the Docker socket, so you must add the images to the ECI images list. If not, +> ECI will block the mount and Kubernetes won't start. + ## Troubleshooting - If Kubernetes fails to start, make sure Docker Desktop is running with enough allocated resources. Check **Settings** > **Resources**. diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md index 0096692d5a89..f6856d85c66e 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md @@ -264,14 +264,14 @@ The following `admin-settings.json` code and table provides an example of the re |Parameter|OS|Description|Version| |:-------------------------------|---|:-------------------------------|---| -|`kubernetes`| | If `enabled` is set to true, a Kubernetes single-node cluster is started when Docker Desktop starts. If `showSystemContainers` is set to true, Kubernetes containers are displayed in the Docker Desktop Dashboard and when you run `docker ps`. `imagesRepository` lets you specify which repository Docker Desktop pulls the Kubernetes images from. For example, `"imagesRepository": "registry-1.docker.io/docker"`. | | +|`kubernetes`| | If `enabled` is set to true, a Kubernetes single-node cluster is started when Docker Desktop starts. If `showSystemContainers` is set to true, Kubernetes containers are displayed in the Docker Desktop Dashboard and when you run `docker ps`. The [imagesRepository](../../../../desktop/features/kubernetes.md#configuring-a-custom-image-registry-for-kubernetes-control-plane-images) setting lets you specify which repository Docker Desktop pulls control-plane Kubernetes images from. | | > [!NOTE] > > When using the `imagesRepository` setting and Enhanced Container Isolation (ECI), add the following images to the [ECI Docker socket mount image list](#enhanced-container-isolation): > -> `/desktop-cloud-provider-kind:*` -> `/desktop-containerd-registry-mirror:*` +> * [imagesRepository]/desktop-cloud-provider-kind:* +> * [imagesRepository]/desktop-containerd-registry-mirror:* > > These containers mount the Docker socket, so you must add the images to the ECI images list. If not, ECI will block the mount and Kubernetes won't start. From 42e05130ee7ff8b4695eb1a2a9d9496c00f75f23 Mon Sep 17 00:00:00 2001 From: "Dr. Matt Lee" Date: Fri, 9 May 2025 10:14:25 -0400 Subject: [PATCH 28/30] Merge pull request #22610 from mattl/patch-1 Update what-is-a-container.md --- .../docker-concepts/the-basics/what-is-a-container.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/get-started/docker-concepts/the-basics/what-is-a-container.md b/content/get-started/docker-concepts/the-basics/what-is-a-container.md index 89af955717ed..aeedde7fbd20 100644 --- a/content/get-started/docker-concepts/the-basics/what-is-a-container.md +++ b/content/get-started/docker-concepts/the-basics/what-is-a-container.md @@ -84,7 +84,7 @@ This container runs a web server that displays a simple website. When working wi When you launched the container, you exposed one of the container's ports onto your machine. Think of this as creating configuration to let you to connect through the isolated environment of the container. -For this container, the frontend is accessible on port `8080`. To open the website, select the link in the **Port(s)** column of your container or visit [http://localhost:8080](https://localhost:8080) in your browser. +For this container, the frontend is accessible on port `8080`. To open the website, select the link in the **Port(s)** column of your container or visit [http://localhost:8080](http://localhost:8080) in your browser. ![Screenshot of the landing page coming from the running container](images/access-the-frontend.webp?border) From b69af30744fb793bb521fe91b7de9357d7aafec6 Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Fri, 9 May 2025 15:48:34 -0400 Subject: [PATCH 29/30] improvements --- .../settings-management/settings-reference.md | 1926 +++++------------ hugo_stats.json | 2 + 2 files changed, 543 insertions(+), 1385 deletions(-) diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md index c5cd8b23c8eb..bce7955c4286 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md @@ -7,1772 +7,928 @@ linkTitle: Settings reference This reference lists all Docker Desktop settings, including where they live, which operating systems they apply to, and whether they're configurable via the -Docker Admin Console or the `admin-settings.json` file. +Docker Desktop GUI, the Docker Admin Console, or the `admin-settings.json` file. +Settings are organized to match the structure of the Docker Desktop GUI. Each setting includes: - Desktop setting name -- A values table that includes: the default value when a user first downloads -Docker Desktop, accepted values, and the format of accepted values +- A values table that includes the default value, accepted values, and format - Description - OS compatibility - Use cases -- How to configure the setting: Wwith [Docker Desktop](/manuals/desktop/settings-and-maintenance/settings.md) or -Settings Management (either Admin Console or `admin-settings.json` file) +- How to configure the setting: With [Docker Desktop](/manuals/desktop/settings-and-maintenance/settings.md) or Settings Management (Admin Console or `admin-settings.json` file) For details on the format and usage of the `admin-settings.json` file, see [Configure Settings Management with a JSON file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md). -## Accept canary updates +## General -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Opt in to early access of Docker Desktop updates. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enable early access to test new releases before general -availability. -- **Configure this setting with:** - - `AcceptCanaryUpdates` in `settings-store.json` or `settings.json` files - -## Active organization name - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `""` | String | String | - -- **Description:** Stores the active organization name for Docker Business -accounts -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Manage organization-specific Docker settings. -- **Configure this setting with:** - - `ActiveOrganizationName` in `settings-store.json` or `settings.json` files - -## Allow beta features - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `true` | `true`, `false` | Boolean | - -- **Description:** Allow access to Beta features in Docker Desktop. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enable early features for testing upcoming functionality. -- **Configure this setting with:** - - `AllowBetaFeatures` in `settings-store.json` or `settings.json` files - - Settings Management: `allowBetaFeatures` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Access beta features** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## Access experimental features - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `true` | `true`, `false` | Boolean | - -- **Description:** Allow access to Experimental features in Docker Desktop. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enable experimental features. -- **Configure this setting with:** - - **Features in development** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `AllowExperimentalFeatures` in `settings-store.json` or `settings.json` files - - Settings Management: `allowExperimentalFeatures` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Access experimental features** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## Always download updates - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Automatically download Docker Desktop updates when available. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Manage auto update behavior. -- **Configure this setting with:** - - **Software updates** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `AutoDownloadUpdates` in `settings-store.json` or `settings.json` files - - Settings Management: **Disable updates** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## Auto pause activity - -| Default value | Accepted values | Format | -|---------------|---------------------|---------| -| `30` | Integer (seconds) | Integer | - -- **Description:** Number of seconds before Docker Desktop auto-pauses due to -inactivity. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Save system resources during periods of inactivity. -- **Configure this setting with:** - - `AutoPauseTimedActivitySeconds` in `settings-store.json` or `settings.json` files - -## Auto pause timeout - -| Default value | Accepted values | Format | -|---------------|---------------------|---------| -| `300` | Integer (seconds) | Integer | - -- **Description:** Maximum idle time allowed before Docker Desktop pauses. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Manage Docker Desktop pause behavior during long idle periods. -- **Configure this setting with:** - - `AutoPauseTimeoutSeconds` in `settings-store.json` or `settings.json` files - -## Block `docker load` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Block the `docker load` command to prevent loading local images. -If the value is set to `true`, users are no longer able to run `docker load` -and receive an error if they try to. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Harden security by restricting local image loading. -- **Configure this setting with:** - - `BlockDockerLoad` in `settings-store.json` or `settings.json` files - - Settings Management: `blockDockerLoad` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Block Docker load** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## Choose container terminal - -| Default value | Accepted values | Format | -|---------------|-------------------------|--------| -| `integrated` | `integrated`, `system` | String | - -- **Description:** Select default terminal for launching Docker CLI from Docker -Desktop. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Customize developer experience with preferred terminal. -- **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `ContainerTerminal` in `settings-store.json` or `settings.json` files - -## Include VM in Time Machine backup - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Back up the Docker Desktop virtual machine. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Manage persistence of application data. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `BackupData` in `settings-store.json` or `settings.json` files - -## Send usage statistics - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `true` | `true`, `false` | Boolean | - -- **Description:** Send usage statistics and crash reports to Docker. If set to -`false`, Docker Desktop doesn't send usage statistics to Docker. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enable analytics to help Docker improve the product based on -usage data. -- **Configure this setting with:** - - Send usage statistics [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `AnalyticsEnabled` in `settings-store.json` or `settings.json` files - - Settings Management: `analyticsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Send usage statistics** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## Start Docker Desktop when you sign in to your computer - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Start Docker Desktop automatically when booting machine. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Ensure Docker Desktop is always running after boot. -- **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `AutoStart` in `settings-store.json` or `settings.json` files - -## `ContainersOverrideProxyExclude` - -| Default value | Accepted values | Format | -|---------------|--------------------|--------| -| `""` | List of addresses | String | - -- **Description:** Configure addresses that containers should bypass from proxy -settings. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Fine-tune proxy exceptions for container networking. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `ContainersOverrideProxyHTTP` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `""` | URL string | String | - -- **Description:** HTTP proxy setting for container networking. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Set up container traffic to use a custom HTTP proxy. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `ContainersOverrideProxyHTTPS` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `""` | URL string | String | - -- **Description:** HTTPS proxy setting for container networking. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Set up container traffic to use a custom HTTPS proxy. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `ContainersOverrideProxyPAC` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `""` | URL string | String | - -- **Description:** PAC (Proxy Auto-config) URL for container networking. -- **OS:** {{< badge color=blue text="Windows only" >}} -- **Use case:** Automatically configure container proxy routing via PAC file. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - - Settings Management: **PAC** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## `ContainersOverrideProxyTCP` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `""` | String | String | - -- **Description:** TCP proxy setting for container networking. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Configure advanced TCP proxy for containers. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `ContainersOverrideProxyTransparentPorts` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `80,443` | List of ports | String | - -- **Description:** List of ports to bypass transparent proxying in containers. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Exclude specific ports from transparent proxy behavior. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - - Settings Management: **Transparent ports** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## `ContainersProxyHTTPMode` - -| Default value | Accepted values | Format | -|---------------|---------------------|--------| -| `system` | `manual`, `system` | String | - -- **Description:** Creates air-gapped containers. For more information, see -[Air-Gapped Containers](/manuals/security/for-admins/hardened-desktop/air-gapped-containers.md). -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Fine-tune container proxy behavior. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - - Settings Management: `containersProxy` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Proxy mode** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## `Cpus` - -| Default value | Accepted values | Format | -|-----------------------------------------------|-----------------|---------| -| Number of logical CPU cores available on host | Integer | Integer | - -- **Description:** Number of CPUs assigned to the Docker Desktop virtual machine. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Resource allocation control. -- **Configure this setting with:** - - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `CredentialHelper` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `desktop` | String | String | - -- **Description:** Credential storage helper to use for `docker login`. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Manage secure storage of Docker credentials. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `CustomWslDistroDir` - -| Default value | Accepted values | Format | -|----------------------------------------------|-----------------|--------| -| `%USERPROFILE%\AppData\Local\Docker\wsl\distro` | File path | String | - -- **Description:** Custom path for WSL2 distributions managed by Docker. -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Control where Docker stores WSL2 distributions. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DataFolder` - -| Default value | Accepted values | Format | -|-------------------------------------------------------------------------------|-----------------|--------| -| macOS: `~/Library/Containers/com.docker.docker/Data/vms/0`
Windows: `%USERPROFILE%\AppData\Local\Docker\wsl\data` | File path | String | - -- **Description:** Path where Docker Desktop stores virtual machine data. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Redirect Docker data to a custom location. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DefaultSnapshotter` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `overlayfs` | String | String | - -- **Description:** Set the default container snapshotter. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control storage backend for container layers. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DeprecatedCgroupv1` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Enable cgroup v1 support if needed for compatibility. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Maintain compatibility with legacy software. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## Enable Desktop terminal - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Enable access to the Docker Desktop integrated terminal. If -the value is set to `false`, users can't use the Docker terminal to interact -with the host machine and execute commands directly from Docker Desktop. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Allow or restrict developer access to the built-in terminal. -- **Configure this setting with:** - - **Enable Docker terminal** setting in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `DesktopTerminalEnabled` in `settings-store.json` or `settings.json` files - - Settings Management: `desktopTerminalEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - -## Default networking mode - -| Default value | Accepted values | Format | -|---------------|------------------------------------|--------| -| `ipv4only` | `ipv4only`, `ipv6only`, `dual-stack` | Enum | - -- **Description:** Set the default networking mode for containers. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Specify a custom container network mode. -- **Configure this setting with:** - - `DefaultNetworkingMode` in `settings-store.json` or `settings.json` files - -## `DevEnvironmentsEnabled` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Enable the Docker Dev Environments feature. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control access to experimental development workflows. -- **Configure this setting with:** - - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DisableHardwareAcceleration` +### Start Docker Desktop when you sign in to your computer | Default value | Accepted values | Format | |---------------|-----------------|--------| | `false` | `true`, `false` | Boolean | -- **Description:** Disable hardware (GPU) acceleration support. -- **OS:** {{< badge color=blue text="Windows only" >}} -- **Use case:** Work around graphics driver issues or run in VMs. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## Disable automatic updates - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Disable automatic update polling for Docker Desktop. If the -value is set to `true`, checking for updates and notifications about Docker -Desktop updates are disabled. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Freeze the current version in enterprise environments. -- **Configure this setting with:** - - `DisableUpdate` in `settings-store.json` or `settings.json` files - - Settings Management: `disableUpdate` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Disable update** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## `DiskFlush` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `os` | String | String | - -- **Description:** Control when data flushing occurs for the VM disk. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Tune disk performance versus safety. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DiskSizeMiB` - -| Default value | Accepted values | Format | -|-------------------------------|-----------------|---------| -| Default disk size of machine. | Integer | Integer | - -- **Description:** Maximum disk size (in MiB) allocated for Docker Desktop. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Constrain Docker's virtual disk size for storage management. -- **Configure this setting with:** - - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DiskStats` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `""` | String | String | - -- **Description:** Disk usage statistics. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Monitor or debug disk usage performance on Unix-based systems. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DiskTRIM` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `true` | `true`, `false` | Boolean | - -- **Description:** Enable TRIM operation support to reclaim unused disk space. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Optimize disk usage over time. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DisplayRestartDialog` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `true` | `true`, `false` | Boolean | - -- **Description:** Show a restart notification when settings changes require a -restart. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Provide user feedback about restart requirements. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DisplaySwitchWinLinContainers` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Allow users to switch between Linux and Windows containers. -- **OS:** {{< badge color=blue text="Windows only" >}} -- **Use case:** Flexibility in development environments. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `Displayed18362Deprecation` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Show the deprecation warning for Windows build 18362. -- **OS:** {{< badge color=blue text="Windows only" >}} -- **Use case:** Prevent showing the same Windows version deprecation warning -multiple times. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DisplayedElectronPopup` - -| Default value | Accepted values | Format | -|---------------|---------------------|-----------------------------| -| `[]` | List of strings | Array with list of strings | - -- **Description:** Show Electron (tips, alerts, announcements) pop-ups for users. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Prevents Docker Desktop from repeatedly showing the same popup -messages. -- **Configure this setting with:** - - `settings-store.json` or `settings.json` files - -## Display onboarding survey - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Display the onboarding survey for Docker Desktop. If the -value is set to `true`, the onboarding survey will not be displayed to new -users. Settings the value to `false` has no effecct. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Prevents Docker Desktop from repeatedly showing onboarding. -- **Configure this setting with:** - - `DisplayedOnboarding` in `settings-store.json` or `settings.json` files - - Settings Management: `displayedOnboarding` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Hide onboarding survey** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## `DockerAppLaunchPath` - -| Default value | Accepted values | Format | -|--------------------------|-----------------|--------| -| `/Applications/Docker.app` | File path | String | - -- **Description:** Path to the Docker Desktop application executable on macOS. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Custom install management or scripting. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DockerBinInstallPath` - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `system` | File path | String | - -- **Description:** Install location for Docker CLI binaries. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Customize CLI install location for compliance or tooling. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `DockerDebugDefaultEnabled` - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Enable debug logging by default for Docker CLI commands. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Assist with debugging support issues. -- **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## Allow ECI to use derived images - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | - -- **Description:** Allow Enhanced Container Isolation (ECI) to use derived images. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Permit use of base images with layered builds in ECI mode. -- **Configure this setting with:** - - `ECIDockerSocketAllowDerivedImages` in `settings-store.json` or `settings.json` files - - Settings Management: **Allow derived images** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## ECI command list - -| Default value | Accepted values | Format | -|---------------|-----------------|-----------------------------| -| `[]` | List of strings | Array with list of strings | - -- **Description:** Restricts the commands that containers can issue via the -bind-mounted Docker Engine socket. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Fine-tune developer CLI access in hardened environments. -- **Configure this setting with:** - - `ECIDockerSocketCmdList` in `settings-store.json` or `settings.json` files - - Settings Management: `commandList` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Command list** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## ECI command list type - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `deny` | `allow`, `deny` | String | - -- **Description:** Whether the ECI command list is an allow-list or deny-list. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Determine behavior of `ECIDockerSocketCmdList`. -- **Configure this setting with:** - - `ECIDockerSocketCmdListType` in `settings-store.json` or `settings.json` files - - Settings Management: `????` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **????** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## ECI image list - -| Default value | Accepted values | Format | -|---------------|-----------------|-----------------------------| -| `[]` | List of strings | Array list of strings | - -- **Description:** Indicates which container images are allowed to bind-mount -the Docker Engine socket. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Restrict containers to a known set of images. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - - Settings Management: `imageList` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Manageament: **Image list** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## `EnableDefaultDockerSocket` - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | - -- **Description:** By default, enhanced container isolation blocks bind-mounting -the Docker Engine socket into containers -(e.g., `docker run -v /var/run/docker.sock:/var/run/docker.sock ...`). This lets -you relax this in a controlled way. See ECI Configuration for more info. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Allow containers to access the Docker socket for scenarios like -Docker-in-Docker or containerized CI agents. -- **Configure this setting with:** - - ???? in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - - Settings Management: `dockerSocketMount` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - -## `EnableDockerAI` - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Enable Docker AI features in the Docker Desktop experience. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enable or disable AI features like "Ask Gordon". -- **Configure this setting with:** - - **Features in development** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `EnableDockerAI` in `settings-store.json` or `settings.json` files - - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - -## `EnableIntegrationWithDefaultWslDistro` - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Automatically integrate Docker with the default WSL -distribution. -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Ensure Docker integrates with default WSL distro automatically. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `EnableIntegrationWithDefaultWslDistro` in `settings-store.json` or `settings.json` files - -## `EnableIntegrityCheck` - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | - -- **Description:** Perform integrity checks on Docker Desktop binaries. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enforce binary verification for security. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `EnableSegmentDebug` - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Enable debug logging for Docker Desktop’s Segment analytics -events. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Troubleshoot or inspect analytics event delivery during -development or support sessions. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `EnableWasmShims` - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Enable WebAssembly (Wasm) shims to run Wasm containers. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Run Wasm workloads in Docker Desktop. -- **Configure this setting with:** - - Features in development settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## Enable Enhanced Container Isolation (ECI) - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Enable Enhanced Container Isolation for secure container -execution. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Prevent containers from modifying configuration or sensitive -host areas. -- **Configure this setting with:** - - **General settings** in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `EnhancedContainerIsolation` in `settings-store.json` or `settings.json` files - - Settings Management: `enhancedContainerIsolation` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Enable enhanced container isolation** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## Expose Docker API - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | - -- **Description:** Expose the Docker API over TCP on a specified port. If value -is set to `true`, the Docker API is exposed on port 2375. This port is -unauthenticated and should only be enabled if protected by suitable firewall -rules. -- **OS:** {{< badge color=blue text="Windows only" >}} -- **Use case:** Allow non-TLS API access for development/testing. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `ExposeDockerAPIOnTCP2375` in `settings-store.json` or `settings.json` files - - Settings Management: `exposeDockerAPIOnTCP2375` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Expose Docker API** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## Enable extensions - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | - -- **Description:** Enable or disable Docker Extensions. +- **Description:** Start Docker Desktop automatically when booting machine. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control access to the Extensions Marketplace and installed -extensions. +- **Use case:** Ensure Docker Desktop is always running after boot. - **Configure this setting with:** - - **Extensions** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `ExtensionsEnabled` in `settings-store.json` or `settings.json` files - - Settings Management: `extensionsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Allow Extensions** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Enable private extensions marketplace +### Open Docker Dashboard when Docker Desktop starts -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|---------------|----------------------------|--------| +| `false` | `true`, `false` | Boolean | -- **Description:** Enable a private marketplace for Docker Extensions. +- **Description:** Open the Docker Dashboard automatically when Docker Desktop starts. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Restrict extension installation to curated extensions. +- **Use case:** Quickly access containers, images, and volumes in the Docker Dashboard after starting Docker Desktop. - **Configure this setting with:** - - `ExtensionsPrivateMarketplace` in `settings-store.json` or `settings.json` files + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Set private extension contact URL +### Choose theme for Docker Desktop -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `""` | URL string | String | +| Default value | Accepted values | Format | +|---------------|----------------------------|--------| +| `system` | `light`, `dark`, `system` | Enum | -- **Description:** Set a contact URL for admins on the private extensions -marketplace page. +- **Description:** Choose the Docker Desktop GUI theme. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Help users contact support if they can’t find an extension. +- **Use case:** Personalize Docker Desktop appearance. - **Configure this setting with:** - - `ExtensionsPrivateMarketplaceAdminContactURL` in `settings-store.json` or `settings.json` files + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Filesharing directories +### Configure shell completions -| Default value | Accepted values | Format | -|----------------------------------------|---------------------------------|--------------------------| -| Varies by OS | List of file paths as strings | Array list of strings | +| Default value | Accepted values | Format | +|---------------|-------------------------|--------| +| `integrated` | `integrated`, `system` | String | -- **Description:** List of allowed directories shared between the host and -containers. When a path is added, its subdirectories are allowed. +- **Description:** If installed, automatically edits your shell configuration. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Restrict or define what file paths are available to containers. +- **Use case:** Customize developer experience with shell completions. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `FilesharingDirectories` in `settings-store.json` or `settings.json` files - - Settings Management: `filesharingAllowedDirectories` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Allowed file sharing directories** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `HostNetworkingEnabled` +### Choose container terminal -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|---------------|-------------------------|--------| +| `integrated` | `integrated`, `system` | String | -- **Description:** Enable experimental host networking support. +- **Description:** Select default terminal for launching Docker CLI from Docker +Desktop. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Allow containers to use the host network stack. +- **Use case:** Customize developer experience with preferred terminal. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Enable Kubernetes +### Enable Docker terminal -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | -- **Description:** Enable the integrated Kubernetes cluster in Docker Desktop. +- **Description:** Enable access to the Docker Desktop integrated terminal. If +the value is set to `false`, users can't use the Docker terminal to interact +with the host machine and execute commands directly from Docker Desktop. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enable or disable Kubernetes support for developers. +- **Use case:** Allow or restrict developer access to the built-in terminal. - **Configure this setting with:** - - **Kubernetes** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `KubernetesEnabled` in `settings-store.json` or `settings.json` files - - Settings Management: `kubernetes` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Allow Kubernetes** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **General** setting in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `desktopTerminalEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## `KubernetesImagesRepository` +### Enable Docker Debug by default | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `""` | URL string | String | +| `false` | `true`, `false` | Boolean | -- **Description:** Set a custom repository for Kubernetes images. +- **Description:** Enable debug logging by default for Docker CLI commands. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Support Kubernetes use in restricted or offline environments. +- **Use case:** Assist with debugging support issues. - **Configure this setting with:** - - `settings-store.json` or `settings.json` files - - Settings Management: `imagesRepository` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Kubernetes images repository** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Set Kubernetes mode +### Include VM in Time Machine backup | Default value | Accepted values | Format | |---------------|-----------------|--------| -| `kubeadm` | String | String | - -- **Description:** Set the Kubernetes node mode (single-node or multi-node). -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control the topology of the integrated Kubernetes cluster. -- **Configure this setting with:** - - **Kubernetes** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `KubernetesMode` in `settings-store.json` or `settings.json` files - -## Kubernetes node count - -| Default value | Accepted values | Format | -|---------------|-----------------|---------| -| `1` | Integer | Integer | +| `false` | `true`, `false` | Boolean | -- **Description:** Number of nodes to create in a multi-node Kubernetes cluster. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Scale the number of Kubernetes nodes for development or testing. +- **Description:** Back up the Docker Desktop virtual machine. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Manage persistence of application data. - **Configure this setting with:** - - **Kubernetes** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `KubernetesNodesCount` in `settings-store.json` or `settings.json` files + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Kubernetes node version +### Use containerd for pulling and storing images -| Default value | Accepted values | Format | -|---------------|-------------------------------|--------| -| `1.31.1` | Semantic version (e.g., 1.29.1) | String | +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | -- **Description:** Version of Kubernetes used for cluster node creation. +- **Description:** Use containerd native snapshotter instead of legacy +snapshotters. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Pin a specific Kubernetes version for consistency or -compatibility. +- **Use case:** Improve image handling performance and compatibility. - **Configure this setting with:** - - **Kubernetes** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `KubernetesNodesVersion` in `settings-store.json` or `settings.json` files + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `LastLoginDate` +### Choose Virtual Machine Manager -| Default value | Accepted values | Format | -|---------------|-----------------|-----------------------| -| `0` | `int64` values | Integer in `int64` format | +#### Docker VMM -- **Description:** Timestamp of last successful Docker Desktop login. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Display usage activity. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | -## `LatestBannerKey` +#### Apple Virtualization framework -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `""` | String | String | +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | -- **Description:** Tracks the most recently shown in-app banner. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Prevent repeated display of the same banner across sessions. +- **Description:** Use Apple Virtualization Framework to run Docker containers. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Improve VM performance on Apple Silicon. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `LicenseTermsVersion` +#### Rosetta -| Default value | Accepted values | Format | -|---------------|-----------------|---------| -| `0` | Integer | Integer | +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | -- **Description:** Version of Docker Desktop license terms accepted by the user. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Audit license terms agreement. +- **Description:** Use Rosetta to emulate `amd64` on Apple Silicon. If value +is set to `true`, Docker Desktop turns on Rosetta to accelerate +x86_64/amd64 binary emulation on Apple Silicon. +- **OS:** {{< badge color=blue text="Mac only" >}} 13+ +- **Use case:** Run Intel-based containers on Apple Silicon hosts. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `LifecycleTimeoutSeconds` - -| Default value | Accepted values | Format | -|---------------|---------------------|---------| -| `600` | Integer (seconds) | Integer | + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management:`useVirtualizationFrameworkRosetta` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Use Rosetta for x86_64/amd64 emulation on Apple Silicon** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -- **Description:** Number of seconds Docker Desktop waits for the Docker Engine -to start before timing out. -- **OS compatibility**: All -- **Use case:** Extend or reduce the timeout window for environments where the -engine may start slowly. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files +> [!NOTE] +> +> Rosetta requires enabling Apple Virtualization framework. -## `MemoryMiB` +#### QEMU -| Default value | Accepted values | Format | -|---------------------------|-----------------|---------| -| Based on system resources | Integer | Integer | +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | -- **Description:** Amount of RAM (in MiB) assigned to the Docker virtual machine. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control how much memory Docker can use on the host. -- **Configure this setting with:** - - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files +### Choose file sharing implementation -## Allow only Marketplace extensions +#### VirtioFS | Default value | Accepted values | Format | |---------------|-----------------|----------| | `true` | `true`, `false` | Boolean | -- **Description:** Restrict Docker Desktop to only run Marketplace extensions. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Prevent running third-party or local extensions. +- **Description:** Use VirtioFS for fast, native file sharing between host and +containers. If value is set to `true`, VirtioFS is set as the file sharing +mechanism. If both VirtioFS and gRPC are set to `true`, VirtioFS takes +precedence. +- **OS:** {{< badge color=blue text="Mac only" >}} 12.5+ +- **Use case:** Improve volume mount performance and compatibility. - **Configure this setting with:** - - **Extensions** settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `OnlyMarketplaceExtensions` in `settings-store.json` or `settings.json` files + - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `useVirtualizationFrameworkVirtioFS` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Use VirtioFS for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `OpenUIOnStartupDisabled` +#### gRPC FUSE | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| `true` | `true`, `false` | Boolean | -- **Description:** Prevent the Docker Desktop UI from opening automatically at -startup. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Streamline startup experience. +- **Description:** Enable gRPC FUSE for macOS file sharing. If value is set to +`true`, gRPC Fuse is set as the file sharing mechanism. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Improve performance and compatibility of file mounts. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `useGrpcfuse` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Use gRPC FUSE for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +#### osxfs -## Override proxy exclude +### Send usage statistics | Default value | Accepted values | Format | |---------------|-----------------|--------| -| `""` | String | String | +| `true` | `true`, `false` | Boolean | -- **Description:** Comma-separated list of domain patterns that should bypass -the proxy. +- **Description:** Send usage statistics and crash reports to Docker. If set to +`false`, Docker Desktop doesn't send usage statistics to Docker. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Exclude internal services or domains from being routed through -the proxy. +- **Use case:** Enable analytics to help Docker improve the product based on +usage data. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `OverrideProxyExclude` in `settings-store.json` or `settings.json` files + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `analyticsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Send usage statistics** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## Override proxy HTTP +### Use Enhanced Container Isolation | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `""` | URL string | String | +| `false` | `true`, `false` | Boolean | -- **Description:** Override the default HTTP proxy used by Docker Desktop and -its containers. -- **OS compatibility**: All -- **Use case:** Route container HTTP traffic through a specific proxy. +- **Description:** Enable Enhanced Container Isolation for secure container +execution. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Prevent containers from modifying configuration or sensitive +host areas. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `OverrideProxyHTTP` in `settings-store.json` or `settings.json` files + - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `enhancedContainerIsolation` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Enable enhanced container isolation** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## Override proxy HTTPS +### Show CLI hints | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `""` | URL string | String | +| `true` | `true`, `false` | Boolean | -- **Description:** Override the default HTTPS proxy used by Docker Desktop and -its containers. +- **Description:** Display helpful CLI tips in the terminal when using Docker commands. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Route container HTTPS traffic through a specific proxy. +- **Use case:** Help users discover and learn Docker CLI features through inline suggestions. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `OverrideProxyHTTPS` in `settings-store.json` or `settings.json` files + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `OverrideProxyPAC` +### Enable Scout image analysis | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `""` | URL string | String | +| `true` | `true`, `false` | Boolean | -- **Description:** URL to a Proxy Auto-Config (PAC) file to dynamically -configure proxy rules. +- **Description:** Enable Docker Scout to generate and display SBOM data for container images. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Load dynamic proxy rules from a PAC file. +- **Use case:** Turn on Docker Scout analysis features to view vulnerabilities, packages, and metadata associated with images. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `sbomIndexing` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **SBOM indexing** settings in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `OverrideProxyTCP` +### Enable background Scout SBOM indexing | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `""` | URL string | String | +| `false` | `true`, `false` | Boolean | -- **Description:** Override the TCP proxy settings used by Docker Desktop. +- **Description:** Automatically index SBOM data for images in the background without requiring user interaction. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Define a custom proxy for TCP traffic not covered by -HTTP/HTTPS proxies. +- **Use case:** Keep image metadata up to date by allowing Docker to perform SBOM indexing during idle time or after image pull operations. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **General settings** in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `OverrideWindowsDockerdPort` - -| Default value | Accepted values | Format | -|---------------|-----------------|--------| -| `-1` | Integer | Integer | - -- **Description:** Exposes Docker Desktop's internal proxy locally on this port -for the Windows Docker daemon to connect to. If set to `0`, a random free port -is chosen. If the value is greater than 0, it uses that exact value for the port. --1 disables the option. -- **OS:** Windows -- **Use case:** Allow precise control of how Docker Desktop exposes its -internal proxy for `dockerd.exe`. -- **Configure this settings with:** - - `OverrideWindowsDockerdPort` in `settings-store.json` or `settings.json` files - - Settings Management: `windowsDockerdPort` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Override Windows “dockerd” port** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - -## Proxy enable Kerberos NTLM +### Automatically check configuration -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|-----------------------|-----------------|---------| +| `CurrentSettingsVersions` | Integer | Integer | -- **Description:** Enable Kerberos and NTLM authentication for the proxy. -- **OS:** Windows -- **Use case:** Allow Docker Desktop to authenticate with enterprise proxies -that require Kerberos or NTLM credentials. +- **Description:** Regularly checks your configuration to ensure no unexpected changes have been made by another application +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Track versions for compatibility - **Configure this setting with:** - - `ProxyEnableKerberosNTLM` in `settings-store.json` or `settings.json` files - - Settings Management: `enableKerberosNtlm` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Kerberos NTLM** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **General** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `configurationFileVersion` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +## Resources -## Proxy HTTP mode +### CPU limit -| Default value | Accepted values | Format | -|---------------|---------------------|--------| -| `system` | `system`, `manual` | String | +| Default value | Accepted values | Format | +|-----------------------------------------------|-----------------|---------| +| Number of logical CPU cores available on host | Integer | Integer | -- **Description:** Proxy mode setting. If mode is set to `system` instead of -`manual`, Docker Desktop gets the proxy values from the system and ignores -values set for `http`, `https`, and `exclude`. To manually configure proxy -servers, use `manual`. +- **Description:** Number of CPUs assigned to the Docker Desktop virtual machine. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control how Docker Desktop uses or ignores system proxy settings. +- **Use case:** Resource allocation control. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `ProxyHTTPMode` in `settings-store.json` or `settings.json` files - - Settings Management: `proxy` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `ProxyLocalhostPort` +### Memory limit -| Default value | Accepted values | Format | -|---------------|---------------------|---------| -| `0` | Integer (port number) | Integer | +| Default value | Accepted values | Format | +|---------------------------|-----------------|---------| +| Based on system resources | Integer | Integer | -- **Description:** Specifies the local port used by Docker Desktop’s internal -proxy to route container traffic through the host network. +- **Description:** Amount of RAM (in MiB) assigned to the Docker virtual machine. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Bind the internal proxy to a fixed localhost port for debugging -or compatibility with network security tools. +- **Use case:** Control how much memory Docker can use on the host. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `RequireVmnetd` +### Swap -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|---------------|-----------------|---------| +| `1024` | Integer | Integer | -- **Description:** Require the privileged helper (`vmnetd`) for networking on -macOS. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Enforce elevated privileges for networking support +- **Description:** Amount of swap space (in MiB) assigned to the Docker virtual machine +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Extend memory availability via swap - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `RunWinServiceInWslMode` +### Disk usage limit -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|-------------------------------|-----------------|---------| +| Default disk size of machine. | Integer | Integer | -- **Description:** Allow the Windows service that supports Docker Desktop to -run in WSL mode for enhanced integration. -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Enable deeper integration between the Windows service layer and -the WSL-based Docker backend. +- **Description:** Maximum disk size (in MiB) allocated for Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Constrain Docker's virtual disk size for storage management. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## SBOM indexing +### Disk image location -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|--------------------------------------------------|-----------------|--------| +| macOS: `~/Library/Containers/com.docker.docker/Data/vms/0`
Windows: `%USERPROFILE%\AppData\Local\Docker\wsl\data` | File path | String | -- **Description:** Enable SBOM indexing for container images +- **Description:** Path where Docker Desktop stores virtual machine data. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control whether Docker indexes SBOMs for images +- **Use case:** Redirect Docker data to a custom location. - **Configure this setting with:** - - **General settings** in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `SbomIndexing` in `settings-store.json` or `settings.json` files - - Settings Management: `sbomIndexing` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **SBOM indexing** settings in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `ScoutNotificationPopupsEnabled` +### Enable Resource Saver | Default value | Accepted values | Format | |---------------|-----------------|----------| | `true` | `true`, `false` | Boolean | -- **Description:** Enable Docker Scout popups inside Docker Desktop. +- **Description:** Enable Docker Desktop to pause when idle. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Show or hide vulnerability scan notifications +- **Use case:** Save system resources during periods of inactivity. - **Configure this setting with:** - - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Advanced** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `ScoutOsNotificationsEnabled` +### File sharing directories -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|----------------------------------------|---------------------------------|--------------------------| +| Varies by OS | List of file paths as strings | Array list of strings | -- **Description:** Enable Docker Scout notifications through the operating system. +- **Description:** List of allowed directories shared between the host and +containers. When a path is added, its subdirectories are allowed. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Push Scout updates via system notification center +- **Use case:** Restrict or define what file paths are available to containers. - **Configure this setting with:** - - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **File sharing** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `filesharingAllowedDirectories` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Allowed file sharing directories** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `SettingsVersion` +### Proxy exclude -| Default value | Accepted values | Format | -|-----------------------|-----------------|---------| -| `CurrentSettingsVersions` | Integer | Integer | +| Default value | Accepted values | Format | +|---------------|--------------------|--------| +| `""` | List of addresses | String | -- **Description:** Specifies the version of the settings configuration file format +- **Description:** Configure addresses that containers should bypass from proxy +settings. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Track schema versions for compatibility +- **Use case:** Fine-tune proxy exceptions for container networking. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - - Settings Management: `configurationFileVersion` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - **Proxies** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `proxy` setting with `manual` and `exclude` modes in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## `ShowAnnouncementNotifications` +### Docker subnet -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|-------------------|-----------------|--------| +| `192.168.65.0/24` | IP address | String | -- **Description:** Display general announcements inside Docker Desktop. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enable or suppress Docker-wide announcements in the UI. +- **Description:** Overrides the network range used for vpnkit DHCP/DNS for +`*.docker.internal`. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Customize the subnet used for Docker container networking. - **Configure this setting with:** - - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ShowExtensionsSystemContainers` +### Use kernel networking for UDP | Default value | Accepted values | Format | |---------------|-----------------|----------| | `false` | `true`, `false` | Boolean | -- **Description:** Show system containers used by Docker Extensions in the container list +- **Description:** Use the host’s kernel network stack for UDP traffic instead of Docker’s virtual network driver. This enables faster and more direct UDP communication, but may bypass some container isolation features. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Help developers troubleshoot or view extension system containers +- **Use case:** Improve performance or compatibility for workloads that rely heavily on UDP traffic, such as real-time media, DNS, or game servers. - **Configure this setting with:** - - Extensions settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Network** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `ShowGeneralNotifications` +### Enable host networking | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +| `false` | `true`, `false` | Boolean | -- **Description:** Display general informational messages inside Docker Desktop +- **Description:** Enable experimental host networking support. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Customize in-app communication visibility +- **Use case:** Allow containers to use the host network stack. - **Configure this setting with:** - - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Network** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `ShowInstallScreen` +### Enable WSL engine | Default value | Accepted values | Format | |---------------|-----------------|----------| | `true` | `true`, `false` | Boolean | -- **Description:** Show the installation onboarding screen in Docker Desktop -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control whether onboarding screens are shown after installation +- **Description:** If the value is set to `true`, Docker Desktop uses the WSL2 +based engine. This overrides anything that may have been set at installation +using the `--backend=` flag. +- **OS:** {{< badge color=blue text="Windows only" >}} + WSL +- **Use case:** Enable Linux containers via WSL 2 backend. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **WSL Integration** Resources settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `wslEngineEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Windows Subsystem for Linux (WSL) Engine** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `ShowKubernetesSystemContainers` +## Docker Engine -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +The Docker Engine settings let you configure low-level daemon settings through a raw JSON object. These settings are passed directly to the dockerd process that powers container management in Docker Desktop. -- **Description:** Show Kubernetes system containers in the Docker Dashboard container list +| Key | Example | Description | Accepted values / Format | Default | +| --------------------- | --------------------------- | -------------------------------------------------- | ------------------------------ | ------- | +| `debug` | `true` | Enable verbose logging in the Docker daemon | Boolean | `false` | +| `experimental` | `true` | Enable experimental Docker CLI and daemon features | Boolean | `false` | +| `insecure-registries` | `["myregistry.local:5000"]` | Allow pulling from HTTP registries without TLS | Array of strings (`host:port`) | `[]` | +| `registry-mirrors` | `["https://mirror.gcr.io"]` | Define alternative registry endpoints | Array of URLs | `[]` | + +- **Description:** Customize the behavior of the Docker daemon using a structured JSON config passed directly to dockerd. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Allow developers to view kube-system containers for debugging +- **Use case:** Fine-tune registry access, enable debug mode, or opt into experimental features. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `ShowPromotionalNotifications` + - **Docker Engine** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +> [!NOTE] +> +> Values for this setting are passed as-is to the Docker daemon. Invalid or unsupported fields may prevent Docker Desktop from starting. -- **Description:** Display promotional announcements and banners inside Docker Desktop -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control exposure to Docker news and feature promotion -- **Configure this setting with:** - - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files +## Builders -## `ShowSurveyNotifications` +Builders settings lets you manage Buildx builder instances for advanced image-building scenarios, including multi-platform builds and custom backends. -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +| Key | Example | Description | Accepted values / Format | Default | +| ----------- | -------------------------------- | -------------------------------------------------------------------------- | ------------------------- | --------- | +| `name` | `"my-builder"` | Name of the builder instance | String | — | +| `driver` | `"docker-container"` | Backend used by the builder (`docker`, `docker-container`, `remote`, etc.) | String | `docker` | +| `platforms` | `["linux/amd64", "linux/arm64"]` | Target platforms supported by the builder | Array of platform strings | Host arch | -- **Description:** Display notifications inviting users to participate in surveys +- **Description:** Configure custom Buildx builders for Docker Desktop, including driver type and supported platforms. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enable or disable in-product survey prompts +- **Use case:** Set up advanced build configurations like cross-platform images or remote builders. - **Configure this setting with:** - - Notifications settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Builders** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `SkipUpdateToWSLPrompt` - -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +> [!NOTE] +> +> Builder definitions are structured as an array of objects, each describing a builder instance. Conflicting or unsupported configurations may cause build errors. -- **Description:** Skip prompting users to upgrade to the WSL 2 backend -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Silence UI nudges to switch WSL versions -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files +## Kubernetes -## `SkipWSLMountPerfWarning` +### Enable Kubernetes | Default value | Accepted values | Format | |---------------|-----------------|----------| | `false` | `true`, `false` | Boolean | -- **Description:** Skip the performance warning about WSL mount speed. -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Suppress warnings for known limitations or user preference +- **Description:** Enable the integrated Kubernetes cluster in Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or disable Kubernetes support for developers. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `kubernetes` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Allow Kubernetes** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `SocksProxyPort` +### Choose cluster provisioning method -| Default value | Accepted values | Format | -|---------------|-----------------|---------| -| `0` | Integer (port) | Integer | +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `kubeadm` | `kubeadm`, `kind` | String | -- **Description:** Local SOCKS proxy port for Docker Desktop. +- **Description:** Set the Kubernetes node mode (single-node or multi-node). - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Route Docker traffic through a SOCKS proxy +- **Use case:** Control the topology of the integrated Kubernetes cluster. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `SwapMiB` +### Kubernetes node count (kind provisioning) | Default value | Accepted values | Format | |---------------|-----------------|---------| -| `1024` | Integer | Integer | +| `1` | Integer | Integer | -- **Description:** Amount of swap space (in MiB) assigned to the Docker virtual machine +- **Description:** Number of nodes to create in a multi-node Kubernetes cluster. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Extend memory availability via swap +- **Use case:** Scale the number of Kubernetes nodes for development or testing. - **Configure this setting with:** - - Resources settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `SynchronizedDirectories` +### Kubernetes node version (kind provisioning) -| Default value | Accepted values | Format | -|----------------------------------|-----------------------------|--------| -| Varies by system/user configs | Array of file paths as strings | Array | +| Default value | Accepted values | Format | +|---------------|-------------------------------|--------| +| `1.31.1` | Semantic version (e.g., 1.29.1) | String | -- **Description:** Directories that should be synchronized between host and -container filesystems. +- **Description:** Version of Kubernetes used for cluster node creation. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Improve performance for bind mounts and volume sharing. +- **Use case:** Pin a specific Kubernetes version for consistency or +compatibility. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `ThemeSource` +### Show system containers -| Default value | Accepted values | Format | -|---------------|----------------------------|--------| -| `system` | `light`, `dark`, `system` | Enum | +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `false` | `true`, `false` | Boolean | -- **Description:** Choose the Docker Desktop UI theme. +- **Description:** Show Kubernetes system containers in the Docker Dashboard container list - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Personalize Docker Desktop appearance. +- **Use case:** Allow developers to view kube-system containers for debugging - **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - -## `UpdateAvailableTime` + - **Kubernetes** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -| Default value | Accepted values | Format | -|---------------|---------------------|--------| -| `0` | ISO 8601 timestamp | String | - -- **Description:** Timestamp of last update availability check. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Telemetry and internal logic. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files +## Software updates -## `UpdateHostsFile` +### Automatically check for updates -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | -- **Description:** Allow Docker Desktop to update the system `hosts` file. +- **Description:** Disable automatic update polling for Docker Desktop. If the +value is set to `true`, checking for updates and notifications about Docker +Desktop updates are disabled. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Support DNS resolution for internal services. +- **Use case:** Freeze the current version in enterprise environments. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - Settings Management: `disableUpdate` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Disable update** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `UpdateInstallTime` +### Always download updates -| Default value | Accepted values | Format | -|---------------|---------------------|--------| -| `0` | ISO 8601 timestamp | String | +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | -- **Description:** Timestamp of last Docker Desktop update installation. +- **Description:** Automatically download Docker Desktop updates when available. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Track install history. +- **Use case:** Manage auto update behavior. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Software updates** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: **Disable updates** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + +## Extensions -## Use background indexing +### Enable Docker extensions | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| `true` | `true`, `false` | Boolean | -- **Description:** Enable background indexing of local Docker images for Docker -Scout. +- **Description:** Enable or disable Docker Extensions. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Improve performance of features like image search. +- **Use case:** Control access to the Extensions Marketplace and installed +extensions. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `UseBackgroundIndexing` in `settings-store.json` or `settings.json` files - - Settings Management: `useBackgroundIndexing` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Background indexing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **Extensions** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `extensionsEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **Allow Extensions** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `UseContainerdSnapshotter` +### Allow only extensions distributed through the Docker Marketplace | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| `true` | `true`, `false` | Boolean | -- **Description:** Use containerd native snapshotter instead of legacy -snapshotters. +- **Description:** Restrict Docker Desktop to only run Marketplace extensions. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Improve image handling performance and compatibility. +- **Use case:** Prevent running third-party or local extensions. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Extensions** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `UseCredentialHelper` +### Show Docker Extensions system containers | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +| `false` | `true`, `false` | Boolean | -- **Description:** Use the configured credential helper to securely store and -retrieve Docker registry credentials. +- **Description:** Show system containers used by Docker Extensions in the container list - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Enable secure, system-integrated storage of Docker login -credentials instead of plain-text config files. +- **Use case:** Help developers troubleshoot or view extension system containers - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Extensions** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Use gRPC Fuse +## Features in development + +### Enable Docker AI | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +| `false` | `true`, `false` | Boolean | -- **Description:** Enable gRPC FUSE for macOS file sharing. If value is set to -`true`, gRPC Fuse is set as the file sharing mechanism. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Improve performance and compatibility of file mounts. +- **Description:** Enable Docker AI features in the Docker Desktop experience. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or disable AI features like "Ask Gordon". - **Configure this setting with:** - - **Choose file sharing implementation for your containers** setting in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `UseGrpcfuse` in `settings-store.json` or `settings.json` files - - Settings Management: `useGrpcfuse` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Use gRPC FUSE for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **Features in development** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `enableDockerAI` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## `UseLibkrun` +### Enable Docker Model Runner | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| `true` | `true`, `false` | Boolean | -- **Description:** Enable lightweight VM virtualization via libkrun. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Run containers in microVMs using libkrun. +- **Description:** Enable Docker Model Runner features in Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or disable Docker Model Runner features. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Features in development** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Use nightly build updates +### Enable host-side TCP support | Default value | Accepted values | Format | |---------------|-----------------|----------| | `false` | `true`, `false` | Boolean | -- **Description:** Enable updates from the Docker Desktop nightly build channel -instead of the stable release channel. +- **Description:** Enable Docker Model Runner features in Docker Desktop. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Receive early access to experimental features and fixes by -subscribing to nightly builds. +- **Use case:** Enable or disable Docker Model Runner features. - **Configure this setting with:** - - `UseNightlyBuildUpdates` in `settings-store.json` or `settings.json` files + - **Features in development** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + +> [!NOTE] +> +> This setting requires Docker Model Runner setting to be enabled first. + +## Notifications -## `UseResourceSaver` +### Status updates on tasks and processes | Default value | Accepted values | Format | |---------------|-----------------|----------| | `true` | `true`, `false` | Boolean | -- **Description:** Enable Docker Desktop to pause when idle. +- **Description:** Display general informational messages inside Docker Desktop - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Save system resources during periods of inactivity. +- **Use case:** Customize in-app communication visibility - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `UseVirtualizationFramework` +### Recommendations from Docker | Default value | Accepted values | Format | |---------------|-----------------|----------| | `true` | `true`, `false` | Boolean | -- **Description:** Use Apple Virtualization Framework to run Docker containers. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Improve VM performance on Apple Silicon. +- **Description:** Display promotional announcements and banners inside Docker Desktop +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Control exposure to Docker news and feature promotion - **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Use virtualization framework: Rosetta +### Docker announcements | Default value | Accepted values | Format | |---------------|-----------------|----------| | `true` | `true`, `false` | Boolean | -- **Description:** Use Rosetta to emulate `amd64` on Apple Silicon. If value -is set to `true`, Docker Desktop turns on Rosetta to accelerate -x86_64/amd64 binary emulation on Apple Silicon. -- **OS:** {{< badge color=blue text="Mac only" >}} 13+ -- **Use case:** Run Intel-based containers on Apple Silicon hosts. +- **Description:** Display general announcements inside Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or suppress Docker-wide announcements in the GUI. - **Configure this setting with:** - - **General settings** in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `UseVirtualizationFrameworkRosetta` in `settings-store.json` or `settings.json` files - - Settings Management:`useVirtualizationFrameworkRosetta` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Use Rosetta for x86_64/amd64 emulation on Apple Silicon** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Use virtualization framework: VirtioFS +### Docker surveys | Default value | Accepted values | Format | |---------------|-----------------|----------| | `true` | `true`, `false` | Boolean | -- **Description:** Use VirtioFS for fast, native file sharing between host and -containers. If value is set to `true`, VirtioFS is set as the file sharing -mechanism. If both VirtioFS and gRPC are set to `true`, VirtioFS takes -precedence. -- **OS:** {{< badge color=blue text="Mac only" >}} 12.5+ -- **Use case:** Improve volume mount performance and compatibility. +- **Description:** Display notifications inviting users to participate in surveys +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enable or disable in-product survey prompts - **Configure this setting with:** - - **General settings** in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `UseVirtualizationFrameworkVirtioFS` in `settings-store.json` or `settings.json` files - - Settings Management: `useVirtualizationFrameworkVirtioFS` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Use VirtioFS for file sharing** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `UseVpnkit` +### Docker Scout Notification pop-ups | Default value | Accepted values | Format | |---------------|-----------------|----------| | `true` | `true`, `false` | Boolean | -- **Description:** Use vpnkit for Docker Desktop networking on macOS. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Enable or disable vpnkit as the networking backend. +- **Description:** Enable Docker Scout popups inside Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Show or hide vulnerability scan notifications - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `UseWindowsContainers` +### Docker Scout OS notifications | Default value | Accepted values | Format | |---------------|-----------------|----------| | `false` | `true`, `false` | Boolean | -- **Description:** Enable Windows container mode in Docker Desktop. -- **OS:** {{< badge color=blue text="Windows only" >}} -- **Use case:** Switch between Linux and Windows container runtimes. +- **Description:** Enable Docker Scout notifications through the operating system. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Push Scout updates via system notification center - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files - - Settings Management: `windowContainters` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - **Notifications** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `VpnKitAllowedBindAddresses` +## Advanced + +### Configure installation of Docker CLI | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `0.0.0.0` | IP address | String | +| `system` | File path | String | -- **Description:** Specify which local IP addresses vpnkit is allowed to bind -to for handling network traffic. +- **Description:** Install location for Docker CLI binaries. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Restrict or allow vpnkit to bind to specific interfaces for -security or debugging purposes. +- **Use case:** Customize CLI install location for compliance or tooling. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Advanced** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `VpnKitMTU` +### Allow the default Docker socket to be used -| Default value | Accepted values | Format | -|---------------|-----------------|---------| -| `1500` | Integer | Integer | +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | -- **Description:** Set the Maximum Transmission Unit (MTU) for vpnkit’s virtual -network interface. +- **Description:** By default, enhanced container isolation blocks bind-mounting +the Docker Engine socket into containers +(e.g., `docker run -v /var/run/docker.sock:/var/run/docker.sock ...`). This lets +you relax this in a controlled way. See ECI Configuration for more info. - **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Tune network performance or resolve issues with packet -fragmentation when using vpnkit. +- **Use case:** Allow containers to access the Docker socket for scenarios like +Docker-in-Docker or containerized CI agents. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Advanced** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) + - Settings Management: `dockerSocketMount` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## `VpnKitMaxConnections` +### Allow privileged port mapping -| Default value | Accepted values | Format | -|---------------|-----------------|---------| -| `2000` | Integer | Integer | +| Default value | Accepted values | Format | +|---------------|-----------------|----------| +| `true` | `true`, `false` | Boolean | -- **Description:** Set the maximum number of simultaneous network connections -vpnkit can handle. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Control resource usage or support high-connection workloads -inside containers. +- **Description:** Starts the privileged helper process which binds privileged ports that are between 1 and 1024 +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Enforce elevated privileges for networking support - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - **Advanced** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## `VpnKitMaxPortIdleTime` +## Settings not available in the Docker Desktop UI -| Default value | Accepted values | Format | -|---------------|---------------------|---------| -| `300` | Integer (seconds) | Integer | - -- **Description:** Maximum idle time in seconds before vpnkit closes an -unused port. -- **OS:** {{< badge color=blue text="All" >}} -- **Use case:** Improve performance and free up unused ports by closing -idle connections. -- **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files +The following settings aren’t shown in the Docker Desktop UI. You can only configure them using Settings Management with the Admin Console or the `admin-settings.json` file. -## `VpnKitTransparentProxy` +### Block `docker load` -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | -- **Description:** Enable transparent proxying in vpnkit. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Seamlessly forward traffic through proxies using vpnkit. +- **Description:** Prevent users from loading local Docker images using the `docker load` command. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Enforce image provenance by restricting local image imports. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - Settings Management: `blockDockerLoad` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## vpnkit CIDR +### Expose Docker API on TCP 2375 -| Default value | Accepted values | Format | -|-------------------|-----------------|--------| -| `192.168.65.0/24` | IP address | String | +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | -- **Description:** Overrides the network range used for vpnkit DHCP/DNS for -`*.docker.internal`. -- **OS:** {{< badge color=blue text="Mac only" >}} -- **Use case:** Customize the subnet used for Docker container networking. +- **Description:** Exposes the Docker API over an unauthenticated TCP socket on port 2375. Only recommended for isolated and protected environments. +- **OS:** {{< badge color=blue text="Windows only" >}} +- **Use case:** Required for legacy integrations or environments without named pipe support. - **Configure this setting with:** - - `VpnkitCIDR` in `settings-store.json` or `settings.json` files - - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) - + - Settings Management: `exposeDockerAPIOnTCP2375` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## `WslDiskCompactionThresholdGb` +### Air-gapped container proxy -| Default value | Accepted values | Format | -|---------------|-----------------|---------| -| `0` | Integer (GB) | Integer | +| Default value | Accepted values | Format | +| ------------- | --------------- | ----------- | +| See example | Object | JSON object | -- **Description:** Minimum free disk space required to trigger WSL disk -compaction. -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Automatically reclaim unused space from WSL disks. +- **Description:** Configure a manual HTTP/HTTPS proxy for containers. Useful in air-gapped environments where containers need restricted access. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Redirect or block container networking to comply with offline or secured network environments. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - Settings Management: `containersProxy` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## `WslEnableGrpcfuse` +#### Example + +```json +"containersProxy": { + "locked": true, + "mode": "manual", + "http": "", + "https": "", + "exclude": [], + "pac": "", + "transparentPorts": "" +} +``` + +Docker socket access control (ECI exceptions) + +| Default value | Accepted values | Format | +| ------------- | --------------- | ----------- | +| - | Object | JSON object | + +- **Description:** Allow specific images or commands to use the Docker socket when Enhanced Container Isolation is enabled. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Support tools like Testcontainers or LocalStack that need Docker socket access while maintaining secure defaults. +- Configure this setting with: + - Settings Management: `enhancedContainerIsolation` > `dockerSocketMount` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + +#### Example + +```json +"enhancedContainerIsolation": { + "locked": true, + "value": true, + "dockerSocketMount": { + "imageList": { + "images": [ + "docker.io/localstack/localstack:*", + "docker.io/testcontainers/ryuk:*" + ] + }, + "commandList": { + "type": "deny", + "commands": ["push"] + } + } +} +``` + +### Allow beta features | Default value | Accepted values | Format | |---------------|-----------------|----------| | `false` | `true`, `false` | Boolean | -- **Description:** Enable gRPC FUSE file sharing in WSL2 mode. -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Improve performance and compatibility for file mounts in WSL. +- **Description:** Enable access to beta features in Docker Desktop. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Give developers early access to features that are in public beta. - **Configure this setting with:** - - General settings in [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - Settings Management: `allowBetaFeatures` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## Enable WSL engine +### Docker daemon options (Linux or Windows) | Default value | Accepted values | Format | |---------------|-----------------|----------| -| `true` | `true`, `false` | Boolean | +| `{}` | JSON object | Stringified JSON | -- **Description:** If the value is set to `true`, Docker Desktop uses the WSL2 -based engine. This overrides anything that may have been set at installation -using the `--backend=` flag. -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Enable Linux containers via WSL 2 backend. +- **Description:** Override the Docker daemon configuration used in Linux or Windows containers. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Configure low-level Docker daemon options (e.g., logging, storage drivers) without editing the local config files. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `WslEngineEnabled` in `settings-store.json` or `settings.json` files - - Settings Management: `wslEngineEnabled` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) - - Settings Management: **Windows Subsystem for Linux (WSL) Engine** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) + - Settings Management: `linuxVM.dockerDaemonOptions` or `windowsContainers.dockerDaemonOptions` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) -## `WslInstallMode` +### VPNKit CIDR -| Default value | Accepted values | Format | -|---------------------|--------------------------------|--------| -| `installLatestWsl` | `installLatestWsl`, `manualInstall` | String | +| Default value | Accepted values | Format | +|-------------------|-----------------|--------| +| `192.168.65.0/24` | CIDR notation | String | -- **Description:** Select how Docker Desktop installs and manages WSL on -Windows systems. -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Control whether Docker Desktop installs WSL automatically or -relies on a pre-installed version. +- **Description:** Set the subnet used for internal VPNKit DHCP/DNS services. +- **OS:** {{< badge color=blue text="Mac only" >}} +- **Use case:** Prevent IP conflicts in environments with overlapping subnets. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - Settings Management: `vpnkitCIDR` setting in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + - Settings Management: **VPN Kit CIDR** setting in the [Admin Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) -## `WslUpdateRequired` +### Enable Kerberos and NTLM authentication -| Default value | Accepted values | Format | -|---------------|-----------------|----------| -| `false` | `true`, `false` | Boolean | +| Default value | Accepted values | Format | +|---------------|-----------------|--------| +| `false` | `true`, `false` | Boolean | -- **Description:** Indicates whether a WSL update is required for Docker Desktop -to function. -- **OS:** {{< badge color=blue text="Windows only" >}} + WSL -- **Use case:** Internal check for platform support. +- **Description:** Enables Kerberos and NTLM proxy authentication for enterprise environments. +- **OS:** {{< badge color=blue text="All" >}} +- **Use case:** Allow users to authenticate with enterprise proxy servers that require Kerberos or NTLM. - **Configure this setting with:** - - [Docker Desktop UI](/manuals/desktop/settings-and-maintenance/settings.md) - - `settings-store.json` or `settings.json` files + - Settings Management: `proxy.enableKerberosNtlm` in the [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md) + diff --git a/hugo_stats.json b/hugo_stats.json index 0ba8fdcc0a2b..27020353d8d5 100644 --- a/hugo_stats.json +++ b/hugo_stats.json @@ -80,6 +80,7 @@ "Mac-with-Apple-silicon", "Mac-with-Intel-chip", "Manually-create-assets", + "Manually-set-it-up", "NetworkManager", "Node", "Non-compliant", @@ -113,6 +114,7 @@ "Use-OpenAI", "Using-the-CLI", "Using-the-GUI", + "Using-the-MCP-Toolkit-Recommended", "VS-Code", "Vue", "WSL-2-backend-Arm-Beta", From c79d205c50291bbd8c940792dd69856f9a3cbb7d Mon Sep 17 00:00:00 2001 From: sarahsanders-docker Date: Fri, 9 May 2025 16:20:58 -0400 Subject: [PATCH 30/30] typos --- .../settings-management/_index.md | 6 ++++-- .../configure-admin-console.md | 4 ++++ .../settings-management/configure-json-file.md | 15 ++++++--------- .../settings-management/settings-reference.md | 4 ++-- 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md index bf3996fa33ce..f6e512504645 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/_index.md @@ -43,8 +43,10 @@ by developers and ensure that these cannot be modified. ## What features can I configure with Settings Management? You can configure a wide range of features, from proxies and Kubernetes settings -to Enhanced Container isolation. For more information, view the [full list of -configurable settings](). +to Enhanced Container isolation. For more information, view the [Settings reference](/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md). + +The settings reference outlines what settings can be configured with the [Admin +Console](/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md) or [`admin-settings.json` file](/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md). ## How do I set up and enforce Settings Management? diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md index 646685fc950a..ff48f668615b 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-admin-console.md @@ -18,6 +18,10 @@ This page contains information for administrators on how to configure Settings M subscription, therefore your Docker Desktop users must authenticate to your organization for configurations to take effect. +> [!IMPORTANT] +> +> For settings to take effect, users must be added to your verified domain. + ## Create a settings policy 1. Within the [Docker Admin Console](https://app.docker.com/admin) navigate to the company or organization you want to define a settings policy for. diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md index f6856d85c66e..b643c04d56bf 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/configure-json-file.md @@ -17,15 +17,13 @@ Settings Management is designed specifically for organizations who don’t give ## Prerequisites -You must [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop users authenticate with your organization. - -Settings management requires a Docker Business subscription. Docker Desktop verifies the user's authentication and licensing before applying any settings from the `admin-settings.json` file. The settings file will not take effect unless both authentication and license checks pass. These checks ensure that only licensed users receive managed settings. +- You must [enforce sign-in](/manuals/security/for-admins/enforce-sign-in/_index.md) to ensure that all Docker Desktop users authenticate with your organization. +- Settings management requires a Docker Business subscription. Docker Desktop verifies the user's authentication and licensing before applying any settings from the `admin-settings.json` file. The settings file will not take effect unless both authentication and license checks pass. These checks ensure that only licensed users receive managed settings. > [!IMPORTANT] > > If a user is not signed in, or their Docker ID does not belong to an organization with a Docker Business subscription, Docker Desktop ignores the `admin-settings.json` file. - ## Known limitations The `admin-settings.json` file requires users to authenticate with Docker Hub and be a member @@ -34,8 +32,7 @@ of an organization with a Docker Business subscription. This means the file does - Air-grapped or offline environments where Docker Desktop can't authenticate with Docker Hub. - Restricted environments where SSO and cloud-based authentication are not permitted. - -## Step one: Create the `admin-settings.json` file and save it in the correct location +## Step one: Create the `admin-settings.json` file and save it You can either use the `--admin-settings` installer flag on [macOS](/manuals/desktop/setup/install/mac-install.md#install-from-the-command-line) or [Windows](/manuals/desktop/setup/install/windows-install.md#install-from-the-command-line) to automatically create the `admin-settings.json` and save it in the correct location, or set it up manually. @@ -52,7 +49,7 @@ To set it up manually: > > It is assumed that you have the ability to push the `admin-settings.json` settings file to the locations specified through a device management software such as [Jamf](https://www.jamf.com/lp/en-gb/apple-mobile-device-management-mdm-jamf-shared/?attr=google_ads-brand-search-shared&gclid=CjwKCAjw1ICZBhAzEiwAFfvFhEXjayUAi8FHHv1JJitFPb47C_q_RCySTmF86twF1qJc_6GST-YDmhoCuJsQAvD_BwE). -## Step two: Configure the settings you want to lock in +## Step two: Configure settings > [!NOTE] > @@ -64,7 +61,6 @@ If `locked: true`, users aren't able to edit this setting from Docker Desktop or If `locked: false`, it's similar to setting a factory default in that: - For new installs, `locked: false` pre-populates the relevant settings in the Docker Desktop Dashboard, but users are able to modify it. - - If Docker Desktop is already installed and being used, `locked: false` is ignored. This is because existing users of Docker Desktop may have already updated a setting, which in turn will have been written to the relevant config file, for example the `settings-store.json` (or `settings.json` for Docker Desktop versions 4.34 and earlier) or `daemon.json`. In these instances, the user's preferences are respected and the values aren't altered. These can be controlled by setting `locked: true`. The following `admin-settings.json` code and table provides an example of the required syntax and descriptions for parameters and values: @@ -301,10 +297,11 @@ The following `admin-settings.json` code and table provides an example of the re For settings to take effect: - On a new install, developers need to launch Docker Desktop and authenticate to their organization. - On an existing install, developers need to quit Docker Desktop through the Docker menu, and then re-launch Docker Desktop. If they are already signed in, they don't need to sign in again for the changes to take effect. + > [!IMPORTANT] > > Selecting **Restart** from the Docker menu isn't enough as it only restarts some components of Docker Desktop. -So as not to disrupt your developers' workflow, Docker doesn't automatically mandate that developers re-launch and re-authenticate once a change has been made. +To avoid disrupting your developers' workflow, Docker doesn't automatically mandate that developers re-launch and re-authenticate once a change has been made. In Docker Desktop, developers see the relevant settings grayed out. diff --git a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md index bce7955c4286..1250175e13e1 100644 --- a/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md +++ b/content/manuals/security/for-admins/hardened-desktop/settings-management/settings-reference.md @@ -796,9 +796,9 @@ Docker-in-Docker or containerized CI agents. - **Configure this setting with:** - **Advanced** settings in [Docker Desktop GUI](/manuals/desktop/settings-and-maintenance/settings.md) -## Settings not available in the Docker Desktop UI +## Settings not available in the Docker Desktop GUI -The following settings aren’t shown in the Docker Desktop UI. You can only configure them using Settings Management with the Admin Console or the `admin-settings.json` file. +The following settings aren’t shown in the Docker Desktop GUI. You can only configure them using Settings Management with the Admin Console or the `admin-settings.json` file. ### Block `docker load`