{"id":39006656,"url":"https://github.com/hoeg/vault-plugin-secrets-dockerhub","last_synced_at":"2026-01-17T17:17:36.702Z","repository":{"id":91146928,"uuid":"323611936","full_name":"hoeg/vault-plugin-secrets-dockerhub","owner":"hoeg","description":"Plugin for creating dynamic access tokens to DockerHub","archived":false,"fork":false,"pushed_at":"2025-09-04T04:09:04.000Z","size":7786,"stargazers_count":9,"open_issues_count":6,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-04T06:18:32.143Z","etag":null,"topics":["devsecops","dockerhub","vault-plugins"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hoeg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-12-22T11:53:54.000Z","updated_at":"2025-09-04T04:09:08.000Z","dependencies_parsed_at":"2024-01-20T18:41:43.445Z","dependency_job_id":"8754f4a2-e65c-4d2c-88e7-40dc9bc7d33c","html_url":"https://github.com/hoeg/vault-plugin-secrets-dockerhub","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hoeg/vault-plugin-secrets-dockerhub","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoeg%2Fvault-plugin-secrets-dockerhub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoeg%2Fvault-plugin-secrets-dockerhub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoeg%2Fvault-plugin-secrets-dockerhub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoeg%2Fvault-plugin-secrets-dockerhub/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hoeg","download_url":"https://codeload.github.com/hoeg/vault-plugin-secrets-dockerhub/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoeg%2Fvault-plugin-secrets-dockerhub/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28512306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T13:38:16.342Z","status":"ssl_error","status_checked_at":"2026-01-17T13:37:44.060Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops","dockerhub","vault-plugins"],"created_at":"2026-01-17T17:17:36.042Z","updated_at":"2026-01-17T17:17:36.686Z","avatar_url":"https://github.com/hoeg.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vault Secrets Plugin for Docker Hub\n\n[![CodeQL](https://github.com/hoeg/vault-plugin-secrets-dockerhub/actions/workflows/github-code-scanning/codeql/badge.svg?branch=master)](https://github.com/hoeg/vault-plugin-secrets-dockerhub/actions/workflows/github-code-scanning/codeql) [![Semgrep](https://github.com/hoeg/vault-plugin-secrets-dockerhub/actions/workflows/semgrep.yml/badge.svg?branch=master)](https://github.com/hoeg/vault-plugin-secrets-dockerhub/actions/workflows/semgrep.yml)\n\n![rest](https://github.com/hoeg/vault-plugin-secrets-dockerhub/blob/master/pics/4wysdl.jpg)\n\nDocker is used in many CI/CD piplines and accessing your private repositories should be made possible in a secure way. Using username and password for this is bad since these credentials have way to broad permissions. Access tokens on the other hand cannot change the password for an account and they can be restricted to specific namespaces thereby having a tighter scope than your username and password.\n\n## Usage\n\nTo use the plugin you must rigster it. See the [Hashicorp Vault documentation](https://www.vaultproject.io/docs/commands/plugin/register) for the steps needed. The `Makefile` provides steps to test locally.\n\n### Configure DockerHub account\n\nFirst configure the credentials for the DockerHub account you want credentials from:\n\n```bash\nvault write dockerhub/config/$USERNAME password=$PASSWORD scopes=$SCOPE\n```\n\nwhere scopes is a comma separated list with the following valid values:`admin, write, read, public_read`.\n\n`ttl` is optional. If it is not provided it will be set to the default `ttl` which is 5 minutes.\n\nYou can read the permissions using\n\n```bash\nvault read dockerhub/config/$USERNAME\n```\n\nThe password will not be shown. Also it is not possible to update en existing configuration but a new one can be created. No validity checks are made when the config is written aside from validating the scopes.\n\n### Creating tokens\n\nTokens issued by Vault will be revoked automatically after the `ttl` has expired. To issue a token run:\n\n```bash\nvault write dockerhub/token/$SCOPE label=$TOKEN_LABEL\n```\n\nBy having scope as part of the path it is possible to restrict which scopes vault users are allowed to create credentials for.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhoeg%2Fvault-plugin-secrets-dockerhub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhoeg%2Fvault-plugin-secrets-dockerhub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhoeg%2Fvault-plugin-secrets-dockerhub/lists"}