Docker Hub Dynamic Secrets

You can define a Docker Hub Dynamic secret to generate just-in-time personal access tokens for your Docker Hub repository.

Create a Dynamic Secret for Docker Hub from the CLI

Let’s create a dynamic secret for Docker Hub using the Akeyless CLI.

akeyless gateway-create-producer-dockerhub -u <Your GW URL > \
--name <secret name> \
--dockerhub-username <Dockerhub username> \
--dockerhub-password <Dockerhub password> \
--dockerhub-token-scopes <permissions scopes for the temporary token, comma seperated>

Alternatively, you can replace dockerhub-username and dockerhub-password with target-name to use an existing Docker Hub Target.

Docker Hub token scopes: Possible permissions scopes are:
repo:admin ,repo:write, repo:read, repo:public_read.

Note that each of the permissions scopes above includes the lower permissions scopes i.e repo:admin includes all the rest of the scopes permissions. e.g repo:write contains repo:read and repo:public_read etc.

Create a Dynamic Secret for Docker Hub from the Akeyless Console UI

  1. In the Akeyless Console UI, select Secret & Keys > Dynamic Secret > Docker Hub.




A unique name that describes the purpose or permissions scope of this dynamic secret.


The path in which to store this dynamic secret.

Target Mode

Choose an existing target, or explicitly specify target properties

Token Scopes

Permission profile of the temporary token for Docker Hub access level.


Choose on which gateway to create this item. Make sure this Gateway is available.


In case explicit target mode is used, provide a privileged username to create temporary tokens


Privleged username password

Did this page help you?