diff --git a/content/guides/admin-set-up/testing.md b/content/guides/admin-set-up/testing.md index 008a1af876f4..e334c5a0ab64 100644 --- a/content/guides/admin-set-up/testing.md +++ b/content/guides/admin-set-up/testing.md @@ -10,7 +10,7 @@ You can test SSO and SCIM by signing in to Docker Desktop or Docker Hub with the > [!IMPORTANT] > -> Some users may need CLI based logins to Docker Hub, and for this they will need a [personal access token (PAT)](/manuals/security/for-developers/access-tokens.md). +> Some users may need CLI based logins to Docker Hub, and for this they will need a [personal access token (PAT)](/manuals/security/access-tokens.md). ## Test RAM and IAM diff --git a/content/guides/bun/configure-ci-cd.md b/content/guides/bun/configure-ci-cd.md index 4135bd968969..6b03a70c6abd 100644 --- a/content/guides/bun/configure-ci-cd.md +++ b/content/guides/bun/configure-ci-cd.md @@ -31,7 +31,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token)for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token)for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/cpp/configure-ci-cd.md b/content/guides/cpp/configure-ci-cd.md index f16d54b8b006..c0d3bed4c87e 100644 --- a/content/guides/cpp/configure-ci-cd.md +++ b/content/guides/cpp/configure-ci-cd.md 
@@ -32,7 +32,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/deno/configure-ci-cd.md b/content/guides/deno/configure-ci-cd.md index d6d824a70cd1..06754b542583 100644 --- a/content/guides/deno/configure-ci-cd.md +++ b/content/guides/deno/configure-ci-cd.md @@ -31,7 +31,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token)for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token)for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/dotnet/configure-ci-cd.md b/content/guides/dotnet/configure-ci-cd.md index ec5f7343bb33..aeaf21f6882f 100644 --- a/content/guides/dotnet/configure-ci-cd.md +++ b/content/guides/dotnet/configure-ci-cd.md 
@@ -32,7 +32,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/gha.md b/content/guides/gha.md index 04e7d497e3f1..1512c2eac9aa 100644 --- a/content/guides/gha.md +++ b/content/guides/gha.md @@ -51,7 +51,7 @@ that, you must authenticate with your Docker credentials (username and access token) as part of the GitHub Actions workflow. For instructions on how to create a Docker access token, see -[Create and manage access tokens](/manuals/security/for-developers/access-tokens.md). +[Create and manage access tokens](/manuals/security/access-tokens.md). Once you have your Docker credentials ready, add the credentials to your GitHub repository so you can use them in GitHub Actions: diff --git a/content/guides/golang/configure-ci-cd.md b/content/guides/golang/configure-ci-cd.md index 2bfe44c85dbd..7f3943d319cf 100644 --- a/content/guides/golang/configure-ci-cd.md +++ b/content/guides/golang/configure-ci-cd.md 
@@ -32,7 +32,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/java/configure-ci-cd.md b/content/guides/java/configure-ci-cd.md index 560c130c1086..67a17a28e999 100644 --- a/content/guides/java/configure-ci-cd.md +++ b/content/guides/java/configure-ci-cd.md @@ -32,7 +32,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/nodejs/configure-ci-cd.md b/content/guides/nodejs/configure-ci-cd.md index 8e8218b813f1..c951b37b5d7e 100644 --- a/content/guides/nodejs/configure-ci-cd.md +++ b/content/guides/nodejs/configure-ci-cd.md 
@@ -32,7 +32,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/php/configure-ci-cd.md b/content/guides/php/configure-ci-cd.md index c67e2a17181e..747aa2339bee 100644 --- a/content/guides/php/configure-ci-cd.md +++ b/content/guides/php/configure-ci-cd.md @@ -32,7 +32,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/python/configure-github-actions.md b/content/guides/python/configure-github-actions.md index 45f969cd57a3..b13e2dfbb2e3 100644 --- a/content/guides/python/configure-github-actions.md +++ b/content/guides/python/configure-github-actions.md 
@@ -20,7 +20,7 @@ If you didn't create a [GitHub repository](https://github.com/new) for your proj 2. Under the **Variables** tab, create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -3. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +3. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 4. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/r/configure-ci-cd.md b/content/guides/r/configure-ci-cd.md index 8c1c4fcc5079..472ec6969866 100644 --- a/content/guides/r/configure-ci-cd.md +++ b/content/guides/r/configure-ci-cd.md @@ -32,7 +32,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/ruby/configure-github-actions.md b/content/guides/ruby/configure-github-actions.md index a4d28d9f5016..5203f158e1ea 100644 --- a/content/guides/ruby/configure-github-actions.md +++ b/content/guides/ruby/configure-github-actions.md 
@@ -20,7 +20,7 @@ If you didn't create a [GitHub repository](https://github.com/new) for your proj 2. Under the **Variables** tab, create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -3. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +3. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 4. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/guides/rust/configure-ci-cd.md b/content/guides/rust/configure-ci-cd.md index 3f7241cb67f5..5c012a1a3ab4 100644 --- a/content/guides/rust/configure-ci-cd.md +++ b/content/guides/rust/configure-ci-cd.md @@ -32,7 +32,7 @@ Create a GitHub repository, configure the Docker Hub credentials, and push your 3. Create a new **Repository variable** named `DOCKER_USERNAME` and your Docker ID as a value. -4. Create a new [Personal Access Token (PAT)](/manuals/security/for-developers/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. +4. Create a new [Personal Access Token (PAT)](/manuals/security/access-tokens.md#create-an-access-token) for Docker Hub. You can name this token `docker-tutorial`. Make sure access permissions include Read and Write. 5. Add the PAT as a **Repository secret** in your GitHub repository, with the name `DOCKERHUB_TOKEN`. diff --git a/content/manuals/accounts/_index.md b/content/manuals/accounts/_index.md index 383593e8755e..108d3e74592c 100644 --- a/content/manuals/accounts/_index.md +++ b/content/manuals/accounts/_index.md 
@@ -22,10 +22,10 @@ grid: - title: Personal access tokens description: Learn how to create and manage access tokens for your account. icon: password - link: /security/for-developers/access-tokens/ + link: /security/access-tokens/ - title: Set up two-factor authentication description: Add an extra layer of authentication to your Docker account. - link: /security/for-developers/2fa/ + link: /security/2fa/ icon: phonelink_lock - title: Deactivate an account description: Learn how to deactivate a Docker user account. diff --git a/content/manuals/accounts/create-account.md b/content/manuals/accounts/create-account.md index 746c7f132777..fda0188df795 100644 --- a/content/manuals/accounts/create-account.md +++ b/content/manuals/accounts/create-account.md @@ -77,7 +77,7 @@ Once you register your Docker ID and verify your email address, you can sign in > When you use the `docker login` command, your credentials are stored in your home directory in `.docker/config.json`. The password is base64-encoded in this file. > -> We recommend using one of the [Docker credential helpers](https://github.com/docker/docker-credential-helpers) for secure storage of passwords. For extra security, you can also use a [personal access token](../security/for-developers/access-tokens.md) to sign in instead, which is still encoded in this file (without a Docker credential helper) but doesn't permit administrator actions (such as changing the password). +> We recommend using one of the [Docker credential helpers](https://github.com/docker/docker-credential-helpers) for secure storage of passwords. For extra security, you can also use a [personal access token](../security/access-tokens.md) to sign in instead, which is still encoded in this file (without a Docker credential helper) but doesn't permit administrator actions (such as changing the password). ### Sign in with your social provider 
diff --git a/content/manuals/accounts/manage-account.md b/content/manuals/accounts/manage-account.md index c8d55d011cf7..50e4d80f67b1 100644 --- a/content/manuals/accounts/manage-account.md +++ b/content/manuals/accounts/manage-account.md @@ -60,12 +60,12 @@ Follow the instructions in the password reset email. To update your two-factor authentication (2FA) settings, select **2FA**. For information on two-factor authentication (2FA) for your account, see -[Enable two-factor authentication](../security/for-developers/2fa/_index.md) +[Enable two-factor authentication](../security/2fa/_index.md) to get started. To manage personal access tokens, select **Personal access tokens**. For information on personal access tokens, see -[Create and manage access tokens](../security/for-developers/access-tokens.md). +[Create and manage access tokens](../security/access-tokens.md). ## Manage connected accounts diff --git a/content/manuals/build-cloud/ci.md b/content/manuals/build-cloud/ci.md index 51768192a8eb..49477182d55a 100644 --- a/content/manuals/build-cloud/ci.md +++ b/content/manuals/build-cloud/ci.md 
@@ -37,7 +37,7 @@ See [Loading build results](./usage/#loading-build-results) for details. To enable your CI/CD system to build and push images using Docker Build Cloud, provide both an access token and a username. The type of token and the username you use depend on your account type and permissions. - If you are an organization administrator or have permission to create [organization access tokens (OAT)](/manuals/enterprise/security/access-tokens.md), use an OAT and set `DOCKER_ACCOUNT` to your Docker Hub organization name. -- If you do not have permission to create OATs or are using a personal account, use a [personal access token (PAT)](/security/for-developers/access-tokens/) and set `DOCKER_ACCOUNT` to your Docker Hub username. +- If you do not have permission to create OATs or are using a personal account, use a [personal access token (PAT)](/security/access-tokens/) and set `DOCKER_ACCOUNT` to your Docker Hub username. ### Creating access tokens @@ -59,7 +59,7 @@ If you are not an organization administrator: #### For personal accounts -- Create a [personal access token (PAT)](/security/for-developers/access-tokens/) with the following permissions: +- Create a [personal access token (PAT)](/security/access-tokens/) with the following permissions: 1. **Read & write** access. - Note: Building with Docker Build Cloud only requires read access, but you need write access to push images to a Docker Hub repository. diff --git a/content/manuals/desktop/troubleshoot-and-support/faqs/general.md b/content/manuals/desktop/troubleshoot-and-support/faqs/general.md index 4d0d15d267e7..13c950c0ba52 100644 --- a/content/manuals/desktop/troubleshoot-and-support/faqs/general.md +++ b/content/manuals/desktop/troubleshoot-and-support/faqs/general.md 
@@ -22,7 +22,7 @@ This includes: - The resources in the [Learning Center](/manuals/desktop/use-desktop/_index.md) - Pulling or pushing an image to Docker Hub -- [Image Access Management](/manuals/security/for-developers/access-tokens.md) +- [Image Access Management](/manuals/security/access-tokens.md) - [Static vulnerability scanning](/manuals/docker-hub/repos/manage/vulnerability-scanning.md) - Viewing remote images in the Docker Dashboard - Docker Build when using [BuildKit](/manuals/build/buildkit/_index.md#getting-started). diff --git a/content/manuals/docker-hub/release-notes.md b/content/manuals/docker-hub/release-notes.md index 78c2a1d0ad8f..d93b4ad0e06f 100644 --- a/content/manuals/docker-hub/release-notes.md +++ b/content/manuals/docker-hub/release-notes.md @@ -264,7 +264,7 @@ Each organization page now breaks down into these tabs: ### New features -* You can now [create personal access tokens](/security/for-developers/access-tokens/) in Docker Hub and use them to authenticate from the Docker CLI. Find them in your account settings, under the new **[Security](https://hub.docker.com/settings/security)** section. +* You can now [create personal access tokens](/security/access-tokens/) in Docker Hub and use them to authenticate from the Docker CLI. Find them in your account settings, under the new **[Security](https://hub.docker.com/settings/security)** section. ### Known Issues diff --git a/content/manuals/enterprise/enterprise-deployment/_index.md b/content/manuals/enterprise/enterprise-deployment/_index.md index 84b772a8b989..8324d70ef201 100644 --- a/content/manuals/enterprise/enterprise-deployment/_index.md +++ b/content/manuals/enterprise/enterprise-deployment/_index.md 
@@ -6,6 +6,30 @@ keywords: msi, docker desktop, windows, installation, mac, pkg, enterprise params: sidebar: group: Enterprise +grid: +- title: MSI installer + description: Learn how to install Docker Desktop with the MSI installer. + link: /enterprise/enterprise-deployment/msi-install-and-configure/ +- title: PKG installer + description: Learn how to install Docker Desktop with the PKG installer. + link: /enterprise/enterprise-deployment/pkg-install-and-configure/ +- title: MS Store + description: Learn how to install Docker Desktop through the Microsoft Store. + link: /enterprise/enterprise-deployment/ms-store/ +- title: Deploy with Intune + description: Learn how to deploy Docker Desktop on Windows and macOS devices using Microsoft Intune. + link: /enterprise/enterprise-deployment/use-intune/ +- title: Deploy with Jamf Pro + description: Learn how to deploy Docker Desktop for Mac using Jamf Pro + link: /enterprise/enterprise-deployment/use-jamf-pro/ +- title: Docker Desktop for Microsoft Dev Box + description: Install Docker Desktop for Microsoft Dev Box via the Microsoft Azure Marketlplace + link: /enterprise/enterprise-deployment/dev-box/ +- title: FAQs + description: Common questions when deploying Docker Desktop + link: /enterprise/enterprise-deployment/faq/ --- -Docker Desktop supports scalable deployment options tailored for enterprise IT environments. Whether you're rolling out Docker across hundreds of developer workstations or enforcing consistent configuration through MDM solutions like Intune or Jamf, this section provides everything you need to install, configure, and manage Docker Desktop in a secure, repeatable way. Learn how to use MSI and PKG installers, configure default settings, control updates, and ensure compliance with your organization's policies—across Windows, macOS, and Linux systems. \ No newline at end of file +Docker Desktop supports scalable deployment options tailored for enterprise IT environments. 
Whether you're rolling out Docker across hundreds of developer workstations or enforcing consistent configuration through MDM solutions like Intune or Jamf, this section provides everything you need to install, configure, and manage Docker Desktop in a secure, repeatable way. Learn how to use MSI and PKG installers, configure default settings, control updates, and ensure compliance with your organization's policies—across Windows, macOS, and Linux systems. + +{{< grid >}} \ No newline at end of file diff --git a/content/manuals/enterprise/security/_index.md b/content/manuals/enterprise/security/_index.md index 8584703a0a0c..800adb38e106 100644 --- a/content/manuals/enterprise/security/_index.md +++ b/content/manuals/enterprise/security/_index.md 
@@ -1,9 +1,74 @@ --- -title: Security +linkTitle: Security +title: Security for enterprises +description: Learn about enterprise level security features Docker has to offer and explore best practices +keywords: docker, docker hub, docker desktop, security, enterprises, scale weight: 10 -build: - render: never params: sidebar: group: Enterprise ---- \ No newline at end of file +grid_admins: +- title: Settings Management + description: Learn how Settings Management can secure your developers' workflows. + icon: shield_locked + link: /enterprise/security/hardened-desktop/settings-management/ +- title: Enhanced Container Isolation + description: Understand how Enhanced Container Isolation can prevent container attacks. + icon: security + link: /enterprise/security/hardened-desktop/enhanced-container-isolation/ +- title: Registry Access Management + description: Control the registries developers can access while using Docker Desktop. + icon: home_storage + link: /enterprise/security/hardened-desktop/registry-access-management/ +- title: Image Access Management + description: Control the images developers can pull from Docker Hub. + icon: photo_library + link: /enterprise/security/hardened-desktop/image-access-management/ +- title: "Air-Gapped Containers" + description: Restrict containers from accessing unwanted network resources. + icon: "vpn_lock" + link: /enterprise/security/hardened-desktop/air-gapped-containers/ +- title: Enforce sign-in + description: Configure sign-in for members of your teams and organizations. + link: /enterprise/security/enforce-sign-in/ + icon: passkey +- title: Domain management + description: Identify uncaptured users in your organization. + link: /enterprise/security/domain-management/ + icon: person_search +- title: Docker Scout + description: Explore how Docker Scout can help you create a more secure software supply chain. 
+ icon: query_stats + link: /scout/ +- title: SSO + description: Learn how to configure SSO for your company or organization. + icon: key + link: /enterprise/security/single-sign-on/ +- title: SCIM + description: Set up SCIM to automatically provision and deprovision users. + icon: checklist + link: /enterprise/security/provisioning/scim/ +- title: Roles and permissions + description: Assign roles to individuals giving them different permissions within an organization. + icon: badge + link: /enterprise/security/roles-and-permissions/ +- title: Private marketplace for Extensions (Beta) + description: Learn how to configure and set up a private marketplace with a curated list of extensions for your Docker Desktop users. + icon: storefront + link: /desktop/extensions/private-marketplace/ +- title: Organization access tokens + description: Create organization access tokens as an alternative to a password. + link: /enterprise/security/access-tokens/ + icon: password +--- + +Docker provides security guardrails for both administrators and developers. + +If you're an administrator, you can enforce sign-in across Docker products for your developers, and +scale, manage, and secure your instances of Docker Desktop with DevOps security controls like Enhanced Container Isolation and Registry Access Management. + +## For administrators + +Explore the security features Docker offers to satisfy your company's security policies. + +{{< grid items="grid_admins" >}} \ No newline at end of file diff --git a/content/manuals/enterprise/security/access-tokens.md b/content/manuals/enterprise/security/access-tokens.md index 4331b2c499a1..ce84a1893e61 100644 --- a/content/manuals/enterprise/security/access-tokens.md +++ b/content/manuals/enterprise/security/access-tokens.md 
@@ -19,7 +19,7 @@ aliases: > access tokens instead. An organization access token (OAT) is like a [personal access token -(PAT)](/security/for-developers/access-tokens/), but an OAT is associated with +(PAT)](/security/access-tokens/), but an OAT is associated with an organization and not a single user account. Use an OAT instead of a PAT to let business-critical tasks access Docker Hub repositories without connecting the token to single user. You must have a [Docker Team or Business diff --git a/content/manuals/enterprise/security/hardened-desktop/image-access-management.md b/content/manuals/enterprise/security/hardened-desktop/image-access-management.md index 658fdbebe756..06dd8dea425a 100644 --- a/content/manuals/enterprise/security/hardened-desktop/image-access-management.md +++ b/content/manuals/enterprise/security/hardened-desktop/image-access-management.md @@ -24,7 +24,7 @@ You first need to [enforce sign-in](/manuals/enterprise/security/enforce-sign-in > [!IMPORTANT] > -> You must use [personal access tokens (PATs)](/manuals/security/for-developers/access-tokens.md) with Image Access Management. Organization access tokens (OATs) are not compatible. +> You must use [personal access tokens (PATs)](/manuals/security/access-tokens.md) with Image Access Management. Organization access tokens (OATs) are not compatible. ## Configure diff --git a/content/manuals/enterprise/security/hardened-desktop/registry-access-management.md b/content/manuals/enterprise/security/hardened-desktop/registry-access-management.md index f72a4b36def3..520cc71d58ea 100644 --- a/content/manuals/enterprise/security/hardened-desktop/registry-access-management.md +++ b/content/manuals/enterprise/security/hardened-desktop/registry-access-management.md 
@@ -46,7 +46,7 @@ feature always takes effect. > [!IMPORTANT] > -> You must use [personal access tokens (PATs)](/manuals/security/for-developers/access-tokens.md) with Registry Access Management. Organization access tokens (OATs) are not compatible. +> You must use [personal access tokens (PATs)](/manuals/security/access-tokens.md) with Registry Access Management. Organization access tokens (OATs) are not compatible. ## Configure Registry Access Management permissions diff --git a/content/manuals/enterprise/security/provisioning/scim.md b/content/manuals/enterprise/security/provisioning/scim.md index 52bef2e75efe..1b2c36d3355e 100644 --- a/content/manuals/enterprise/security/provisioning/scim.md +++ b/content/manuals/enterprise/security/provisioning/scim.md @@ -411,4 +411,4 @@ The following videos demonstrate how to configure SCIM for your IdP: Refer to the following troubleshooting guide if needed: -- [Troubleshoot provisioning](/manuals/security/troubleshoot/troubleshoot-provisioning.md) +- [Troubleshoot provisioning](/manuals/enterprise/troubleshoot/troubleshoot-provisioning.md) diff --git a/content/manuals/security/troubleshoot/_index.md b/content/manuals/enterprise/troubleshoot/_index.md similarity index 59% rename from content/manuals/security/troubleshoot/_index.md rename to content/manuals/enterprise/troubleshoot/_index.md index bcb88e4c1841..76d4281d6f40 100644 --- a/content/manuals/security/troubleshoot/_index.md +++ b/content/manuals/enterprise/troubleshoot/_index.md @@ -3,4 +3,7 @@ build: render: never title: Troubleshoot weight: 40 +params: + sidebar: + group: Enterprise --- \ No newline at end of file 
diff --git a/content/manuals/security/troubleshoot/troubleshoot-provisioning.md b/content/manuals/enterprise/troubleshoot/troubleshoot-provisioning.md similarity index 97% rename from content/manuals/security/troubleshoot/troubleshoot-provisioning.md rename to content/manuals/enterprise/troubleshoot/troubleshoot-provisioning.md index 5ed009d084a6..ba720ae8ec1f 100644 --- a/content/manuals/security/troubleshoot/troubleshoot-provisioning.md +++ b/content/manuals/enterprise/troubleshoot/troubleshoot-provisioning.md @@ -5,6 +5,8 @@ title: Troubleshoot provisioning linkTitle: Troubleshoot provisioning tags: [Troubleshooting] toc_max: 2 +aliases: + - /security/troubleshoot/troubleshoot-provisioning/ --- If you experience issues with user roles, attributes, or unexpected account diff --git a/content/manuals/security/troubleshoot/troubleshoot-sso.md b/content/manuals/enterprise/troubleshoot/troubleshoot-sso.md similarity index 98% rename from content/manuals/security/troubleshoot/troubleshoot-sso.md rename to content/manuals/enterprise/troubleshoot/troubleshoot-sso.md index b5a0dd15e084..79a16a026374 100644 --- a/content/manuals/security/troubleshoot/troubleshoot-sso.md +++ b/content/manuals/enterprise/troubleshoot/troubleshoot-sso.md @@ -6,7 +6,8 @@ linkTitle: Troubleshoot SSO tags: [Troubleshooting] toc_max: 2 aliases: - - "/security/for-admins/single-sign-on/troubleshoot/" + - /security/for-admins/single-sign-on/troubleshoot/ + - /security/troubleshoot/troubleshoot-sso/ --- While configuring or using single sign-on (SSO), you may encounter issues that diff --git a/content/manuals/platform-release-notes.md b/content/manuals/platform-release-notes.md index de8dc48116b0..41029807be83 100644 --- a/content/manuals/platform-release-notes.md +++ b/content/manuals/platform-release-notes.md 
@@ -48,7 +48,7 @@ This page provides details on new features, enhancements, known issues, and bug ### New -- [Personal access tokens](/security/for-developers/access-tokens/) (PATs) now support expiration dates. +- [Personal access tokens](/security/access-tokens/) (PATs) now support expiration dates. ## 2024-10-15 diff --git a/content/manuals/scout/explore/metrics-exporter.md b/content/manuals/scout/explore/metrics-exporter.md index 5426d265a8b1..5a4222e6ad31 100644 --- a/content/manuals/scout/explore/metrics-exporter.md +++ b/content/manuals/scout/explore/metrics-exporter.md @@ -40,7 +40,7 @@ To export metrics from your organization, first make sure your organization is e Then, create a Personal Access Token (PAT) - a secret token that allows the exporter to authenticate with the Docker Scout API. The PAT does not require any specific permissions, but it must be created by a user who is an owner of the Docker organization. -To create a PAT, follow the steps in [Create an access token](/security/for-developers/access-tokens/#create-an-access-token). +To create a PAT, follow the steps in [Create an access token](/security/access-tokens/#create-an-access-token). Once you have created the PAT, store it in a secure location. You will need to provide this token to the exporter when scraping metrics. @@ -108,7 +108,7 @@ alongside Grafana with a pre-configured dashboard to visualize the vulnerability $ cd scout-metrics-exporter/prometheus ``` -2. [Create a Docker access token](/security/for-developers/access-tokens/#create-an-access-token) +2. [Create a Docker access token](/security/access-tokens/#create-an-access-token) and store it in a plain text file at `/prometheus/prometheus/token` under the template directory. ```plaintext {title=token} 
@@ -241,7 +241,7 @@ and a Datadog site. $ cd scout-metrics-exporter/datadog ``` -2. [Create a Docker access token](/security/for-developers/access-tokens/#create-an-access-token) +2. [Create a Docker access token](/security/access-tokens/#create-an-access-token) and store it in a plain text file at `/datadog/token` under the template directory. ```plaintext {title=token} @@ -347,7 +347,7 @@ To change the scrape interval: ## Revoke an access token If you suspect that your PAT has been compromised or is no longer needed, you can revoke it at any time. -To revoke a PAT, follow the steps in the [Create and manage access tokens](/security/for-developers/access-tokens/#modify-existing-tokens). +To revoke a PAT, follow the steps in the [Create and manage access tokens](/security/access-tokens/#modify-existing-tokens). Revoking a PAT immediately invalidates the token, and prevents Prometheus from scraping metrics using that token. You will need to create a new PAT and update the Prometheus configuration to use the new token. diff --git a/content/manuals/security/for-developers/2fa/_index.md b/content/manuals/security/2fa/_index.md similarity index 97% rename from content/manuals/security/for-developers/2fa/_index.md rename to content/manuals/security/2fa/_index.md index 89ba99f6a42e..3008cfab1df3 100644 --- a/content/manuals/security/for-developers/2fa/_index.md +++ b/content/manuals/security/2fa/_index.md @@ -5,7 +5,8 @@ keywords: Docker, docker, registry, security, Docker Hub, authentication, two-fa title: Enable two-factor authentication for your Docker account linkTitle: Two-factor authentication aliases: -- /docker-hub/2fa/ + - /docker-hub/2fa/ + - /security/for-developers/2fa/ --- Two-factor authentication adds an extra layer of security to your Docker 
diff --git a/content/manuals/security/for-developers/2fa/disable-2fa.md b/content/manuals/security/2fa/disable-2fa.md similarity index 89% rename from content/manuals/security/for-developers/2fa/disable-2fa.md rename to content/manuals/security/2fa/disable-2fa.md index 213e1f679d28..c3e2ab06c21e 100644 --- a/content/manuals/security/for-developers/2fa/disable-2fa.md +++ b/content/manuals/security/2fa/disable-2fa.md @@ -5,7 +5,8 @@ keywords: Docker, docker, registry, security, Docker Hub, authentication, two-fa title: Disable two-factor authentication on your Docker account linkTitle: Disable two-factor authentication aliases: -- /docker-hub/2fa/disable-2fa/ + - /docker-hub/2fa/disable-2fa/ + - /security/for-developers/2fa/disable-2fa/ weight: 30 --- diff --git a/content/manuals/security/for-developers/2fa/new-recovery-code.md b/content/manuals/security/2fa/new-recovery-code.md similarity index 89% rename from content/manuals/security/for-developers/2fa/new-recovery-code.md rename to content/manuals/security/2fa/new-recovery-code.md index 5c19cda2258a..1ec904930ec9 100644 --- a/content/manuals/security/for-developers/2fa/new-recovery-code.md +++ b/content/manuals/security/2fa/new-recovery-code.md @@ -4,7 +4,8 @@ keywords: Docker, docker, registry, security, Docker Hub, authentication, two-fa authentication, account security title: Generate a new recovery code aliases: -- /docker-hub/2fa/new-recovery-code/ + - /docker-hub/2fa/new-recovery-code/ + - /security/for-developers/2fa/new-recovery-code/ weight: 10 --- diff --git a/content/manuals/security/for-developers/2fa/recover-hub-account.md b/content/manuals/security/2fa/recover-hub-account.md similarity index 88% rename from content/manuals/security/for-developers/2fa/recover-hub-account.md rename to content/manuals/security/2fa/recover-hub-account.md index e8424ccd43a4..d4c9d7925284 100644 --- a/content/manuals/security/for-developers/2fa/recover-hub-account.md 
+++ b/content/manuals/security/2fa/recover-hub-account.md @@ -4,7 +4,8 @@ keywords: Docker, docker, registry, security, Docker Hub, authentication, two-fa authentication title: Recover your Docker account aliases: -- /docker-hub/2fa/recover-hub-account/ + - /docker-hub/2fa/recover-hub-account/ + - /security/for-developers/2fa/recover-hub-account/ weight: 20 --- diff --git a/content/manuals/security/_index.md b/content/manuals/security/_index.md index 9bca77f06c72..798d18d796bd 100644 --- a/content/manuals/security/_index.md +++ b/content/manuals/security/_index.md 
@@ -1,73 +1,21 @@ --- -title: Security -description: Learn about security features Docker has to offer and explore best practices +title: Security for developers +linkTitle: Security +description: Learn about developer-level security features Docker has to offer and explore best practices keywords: docker, docker hub, docker desktop, security weight: 40 params: sidebar: group: Platform -grid_admins: -- title: Settings Management - description: Learn how Settings Management can secure your developers' workflows. - icon: shield_locked - link: /security/for-admins/hardened-desktop/settings-management/ -- title: Enhanced Container Isolation - description: Understand how Enhanced Container Isolation can prevent container attacks. - icon: security - link: /security/for-admins/hardened-desktop/enhanced-container-isolation/ -- title: Registry Access Management - description: Control the registries developers can access while using Docker Desktop. - icon: home_storage - link: /security/for-admins/hardened-desktop/registry-access-management/ -- title: Image Access Management - description: Control the images developers can pull from Docker Hub. - icon: photo_library - link: /security/for-admins/hardened-desktop/image-access-management/ -- title: "Air-Gapped Containers" - description: Restrict containers from accessing unwanted network resources. - icon: "vpn_lock" - link: /security/for-admins/hardened-desktop/air-gapped-containers/ -- title: Enforce sign-in - description: Configure sign-in for members of your teams and organizations. - link: /security/for-admins/enforce-sign-in/ - icon: passkey -- title: Domain management - description: Identify uncaptured users in your organization. - link: /security/for-admins/domain-management/ - icon: person_search -- title: Docker Scout - description: Explore how Docker Scout can help you create a more secure software supply chain. 
- icon: query_stats - link: /scout/ -- title: SSO - description: Learn how to configure SSO for your company or organization. - icon: key - link: /security/for-admins/single-sign-on/ -- title: SCIM - description: Set up SCIM to automatically provision and deprovision users. - icon: checklist - link: /security/for-admins/provisioning/scim/ -- title: Roles and permissions - description: Assign roles to individuals giving them different permissions within an organization. - icon: badge - link: /security/for-admins/roles-and-permissions/ -- title: Private marketplace for Extensions (Beta) - description: Learn how to configure and set up a private marketplace with a curated list of extensions for your Docker Desktop users. - icon: storefront - link: /desktop/extensions/private-marketplace/ -- title: Organization access tokens - description: Create organization access tokens as an alternative to a password. - link: /security/for-admins/access-tokens/ - icon: password grid_developers: - title: Set up two-factor authentication description: Add an extra layer of authentication to your Docker account. - link: /security/for-developers/2fa/ + link: /security/2fa/ icon: phonelink_lock - title: Manage access tokens description: Create personal access tokens as an alternative to your password. icon: password - link: /security/for-developers/access-tokens/ + link: /security/access-tokens/ - title: Static vulnerability scanning description: Automatically run a point-in-time scan on your Docker images for vulnerabilities. icon: image_search 
@@ -102,12 +50,6 @@ scale, manage, and secure your instances of Docker Desktop with DevOps security For both administrators and developers, Docker provides security-specific products such as Docker Scout, for securing your software supply chain with proactive image vulnerability monitoring and remediation strategies. -## For administrators - -Explore the security features Docker offers to satisfy your company's security policies. - -{{< grid items="grid_admins" >}} - ## For developers See how you can protect your local environments, infrastructure, and networks without impeding productivity. diff --git a/content/manuals/security/for-developers/access-tokens.md b/content/manuals/security/access-tokens.md similarity index 98% rename from content/manuals/security/for-developers/access-tokens.md rename to content/manuals/security/access-tokens.md index 6ba1d0a23ab6..503491451734 100644 --- a/content/manuals/security/for-developers/access-tokens.md +++ b/content/manuals/security/access-tokens.md @@ -5,7 +5,8 @@ description: Learn how to create and manage your personal Docker access tokens to securely push and pull images programmatically. keywords: docker hub, hub, security, PAT, personal access token aliases: -- /docker-hub/access-tokens/ + - /docker-hub/access-tokens/ + - /security/for-developers/access-tokens/ --- You can create a personal access token (PAT) to use as an alternative to your password for Docker CLI authentication. diff --git a/content/manuals/security/faqs/single-sign-on/enforcement-faqs.md b/content/manuals/security/faqs/single-sign-on/enforcement-faqs.md index 720ee573efcd..20528c61e89f 100644 --- a/content/manuals/security/faqs/single-sign-on/enforcement-faqs.md +++ b/content/manuals/security/faqs/single-sign-on/enforcement-faqs.md 
@@ -21,11 +21,11 @@ Yes. You must verify a domain before using it with an SSO connection. When SSO is enforced, [passwords are prevented from accessing the Docker CLI](/security/security-announcements/#deprecation-of-password-logins-on-cli-when-sso-enforced). You can still access the Docker CLI using a personal access token (PAT) for authentication. -Each user must create a PAT to access the CLI. To learn how to create a PAT, see [Manage access tokens](/security/for-developers/access-tokens/). Users who already used a PAT to sign in before SSO enforcement will still be able to use that PAT to authenticate. +Each user must create a PAT to access the CLI. To learn how to create a PAT, see [Manage access tokens](/security/access-tokens/). Users who already used a PAT to sign in before SSO enforcement will still be able to use that PAT to authenticate. ### How does SSO affect automation systems and CI/CD pipelines? -Before enforcing SSO, you must [create PATs](/security/for-developers/access-tokens/). These PATs are used instead of passwords for signing into automation systems and CI/CD pipelines. +Before enforcing SSO, you must [create PATs](/security/access-tokens/). These PATs are used instead of passwords for signing into automation systems and CI/CD pipelines. ### What can organization users who authenticated with personal emails prior to enforcement expect? diff --git a/content/manuals/security/for-developers/_index.md b/content/manuals/security/for-developers/_index.md deleted file mode 100644 index 72aff1827fac..000000000000 --- a/content/manuals/security/for-developers/_index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -build: - render: never -title: For developers -weight: 20 ---- diff --git a/content/manuals/subscription/details.md b/content/manuals/subscription/details.md index ddf17d98f1e8..5cf7a39fd903 100644 --- a/content/manuals/subscription/details.md +++ b/content/manuals/subscription/details.md 
@@ -176,7 +176,7 @@ their customers. Legacy Docker Pro includes: - Unlimited public repositories -- Unlimited [Scoped Access Tokens](/security/for-developers/access-tokens/) +- Unlimited [Scoped Access Tokens](/security/access-tokens/) - Unlimited [collaborators](/docker-hub/repos/manage/access/#collaborators) for public repositories at no cost per month. - Access to [Legacy Docker Scout Free](#legacy-docker-scout-free) to get started with software supply chain security. - Unlimited private repositories diff --git a/content/reference/api/hub/latest.yaml b/content/reference/api/hub/latest.yaml index f257c2ca0b6a..34332990fc7c 100644 --- a/content/reference/api/hub/latest.yaml +++ b/content/reference/api/hub/latest.yaml @@ -101,7 +101,7 @@ tags: - name: access-tokens x-displayName: Personal Access Tokens description: | - The Personal Access Token endpoints lets you manage personal access tokens. For more information, see [Access Tokens](https://docs.docker.com/security/for-developers/access-tokens/). + The Personal Access Token endpoints lets you manage personal access tokens. For more information, see [Access Tokens](https://docs.docker.com/security/access-tokens/). You can use a personal access token instead of a password in the [Docker CLI](https://docs.docker.com/engine/reference/commandline/cli/) or in the [Create an authentication token](#operation/PostUsersLogin) route to obtain a bearer token. diff --git a/data/redirects.yml b/data/redirects.yml index 52964fb52641..727d6ecdb1fb 100644 --- a/data/redirects.yml +++ b/data/redirects.yml @@ -8,7 +8,7 @@ # provide a short, permanent link to refer to a topic in the documentation. # For example, the docker CLI can output https://docs.docker.com/go/some-topic # in its help output, which can be redirected to elsewhere in the documentation. -"/security/for-developers/access-tokens/": +"/security/access-tokens/": - /go/access-tokens/ "/reference/api/engine/#deprecated-api-versions": - /engine/api/v1.18/
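Review bot: in content/manuals/security/_index.md, the second hunk (@@ -102,12 +50,6 @@) removes the "## For administrators" section and its grid, but the unchanged context line directly above it still reads "For both administrators and developers, Docker provides security-specific products such as Docker Scout", on a page the first hunk retitles to "Security for developers". Either reword that paragraph for the developer audience or keep a one-line pointer to where the administrator topics from the removed grid_admins cards (SSO, SCIM, Settings Management, Enforce sign-in and the rest) can now be found, so readers who land on the Security page still have a route to them.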
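Review bot: in content/reference/api/hub/latest.yaml, the changed description line still reads "The Personal Access Token endpoints lets you manage personal access tokens"; since the line is being rewritten for the link anyway, fix the subject-verb agreement to "endpoints let you manage".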
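Review bot: in data/redirects.yml, the hunk retargets only the /go/access-tokens/ entry. The file's own comment says the docker CLI can print these /go/ links in its help output, so any other key in this file that still targets a /security/for-developers/ or /security/troubleshoot/ path would now reach its page only through the aliases this patch adds, as a second hop. Search the file for those two prefixes and retarget any remaining keys in this same change.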