Skip to content

Commit 0713d42

Browse files
committed
feat: update documentation for Docker Hub Registry and Personal Access Token (PAT) usage
1 parent deba364 commit 0713d42

2 files changed

Lines changed: 45 additions & 41 deletions

File tree

docs/miner/concepts/dockerhubpat.md

Lines changed: 33 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -1,35 +1,40 @@
11
---
2-
title: Docker Hub Registry
2+
title: Docker Hub Registry & PAT
33
tags:
44
- miner
55
- docker
66
- registry
77
- pat
88
---
99

10-
# 🐳 Docker Hub Registry
10+
# 🐳 Docker Hub Registry & PAT
1111

1212
!!! note ""
13-
Need to install Docker first? See the [Docker installation guide](https://docs.theredteam.io/latest/manuals/installation/docker/).
13+
Need to install Docker first? See the [Docker installation guide](../../manuals/installation/docker.md).
1414

1515
---
1616

1717
## 🔑 One Username Policy
1818

19-
Your `active_commit` must reference images from a **single Docker Hub username**. All image references should follow this format:
19+
Your `active_commit.yaml` must reference images from a **single Docker Hub username**. All image entries follow this format:
2020

2121
```
22-
<your-username>/<repository>:<tag>
22+
<CHALLENGE_NAME>---<USERNAME>/<REPO_NAME>@sha256:<DIGEST>
2323
```
2424

25-
Using multiple usernames will cause authentication failures during the validation process because only one set of credentials is used for pulling.
25+
For example:
26+
27+
```yaml
28+
- ab_sniffer_v5---myusername/my-ab-sniffer@sha256:a5fff733d574ae0c9...
29+
- humanize_behaviou_v4---myusername/my-humanize@sha256:f84f4d5a1799082...
30+
```
2631
2732
!!! warning "Common mistake"
28-
If you collaborate with others, make sure everyone pushes to repositories under the **same** Docker Hub username. Mixing usernames like `alice/solver` and `bob/detector` in one `active_commit` will break image pulls.
33+
All entries must use the **same** Docker Hub username. Mixing usernames like `alice/solver` and `bob/detector` in one `active_commit.yaml` will cause authentication failures because only one set of credentials is used for pulling.
2934

3035
---
3136

32-
## 🔒 Private Repositories
37+
## 🔒 Private Repository
3338

3439
Your Docker Hub repository should be set to **private**. Public repositories expose your solution to other participants.
3540

@@ -53,7 +58,7 @@ Your Docker Hub repository should be set to **private**. Public repositories exp
5358

5459
## 🎫 Generating a Personal Access Token (PAT)
5560

56-
A PAT is a secure alternative to your Docker Hub password. It can be scoped to specific permissions and revoked at any time — much safer than sharing your account password.
61+
A PAT is a secure alternative to your Docker Hub password. It can be scoped to specific permissions and revoked at any time.
5762

5863
### Step 1 — Sign in to Docker Hub
5964

@@ -81,11 +86,11 @@ You can get there in two ways:
8186
Your token will be shown **only once**. Copy it immediately and store it somewhere safe.
8287

8388
!!! danger "Don't lose your token!"
84-
Docker Hub will **never** show this token value again. If you lose it, you'll need to revoke it and generate a new one. Store it in a password manager or an encrypted file.
89+
Docker Hub will **never** show this token value again. If you lose it, you'll need to revoke it and generate a new one.
8590

8691
### Step 5 — Verify it works
8792

88-
Before plugging the PAT into your miner config, quickly verify it from your terminal:
93+
Before using the PAT in your miner, quickly verify it from your terminal:
8994

9095
```bash
9196
docker login -u <your-username>
@@ -98,30 +103,28 @@ Login Succeeded
98103
```
99104

100105
??? example "One-liner for scripts"
101-
If you prefer a non-interactive login (useful in CI/CD or automation scripts):
106+
If you prefer a non-interactive login:
102107

103108
```bash
104109
echo "<your-pat>" | docker login -u <your-username> --password-stdin
105110
```
106111

107-
### Step 6 — Use the token in your miner
112+
---
108113

109-
Provide your credentials in the miner configuration:
114+
## 📝 Using the PAT in Your Miner
110115

111-
| Field | Value |
112-
|---|---|
113-
| `docker_hub_username` | Your Docker Hub username |
114-
| `docker_hub_pat` | The PAT you generated |
116+
After generating your PAT, paste it into the `personal_access_token.txt` file:
115117

116-
!!! warning "Keep your PAT out of version control"
117-
Never hardcode your PAT in source code or commit it to Git. Use environment variables or a `.env` file:
118+
```bash
119+
# Copy template file (if not done yet):
120+
cp -v ./templates/configs/personal_access_token.txt ./volumes/configs/agent-miner/personal_access_token.txt
118121
119-
```bash
120-
export DOCKER_HUB_USERNAME="your-username"
121-
export DOCKER_HUB_PAT="dckr_pat_xxxxxxxxxxxxx"
122-
```
122+
# Edit and paste your PAT:
123+
nano ./volumes/configs/agent-miner/personal_access_token.txt
124+
```
123125

124-
Add `.env` to your `.gitignore` if you use a dotenv file.
126+
!!! danger "Never commit your PAT"
127+
Make sure `personal_access_token.txt` is not tracked by Git. If you accidentally expose a PAT, revoke it immediately from the [security settings page](https://hub.docker.com/settings/security) and generate a new one.
125128

126129
---
127130

@@ -136,26 +139,24 @@ You can manage all your tokens from the [security settings page](https://hub.doc
136139
| **Regenerate** | You want a new value but keep the same name and permissions |
137140
| **Create new** | You need a separate token for a different purpose |
138141

139-
You can have multiple tokens, but only **one** should be used for your miner configuration.
140-
141142
---
142143

143144
## ❓ Troubleshooting
144145

145146
??? question "Authentication failed during image pull"
146-
- Double-check that the PAT is correct and hasn't been revoked.
147+
- Double-check that the PAT in `personal_access_token.txt` is correct and hasn't been revoked.
147148
- Make sure you're using the PAT, not your Docker Hub password.
148149
- Verify the token hasn't expired — check the [security settings page](https://hub.docker.com/settings/security).
149150

150151
??? question "Repository not found"
151-
- Confirm the image name matches exactly: `<username>/<repo>:<tag>`.
152+
- Confirm the image reference in `active_commit.yaml` matches exactly: `<username>/<repo>@sha256:<hash>`.
152153
- Ensure the PAT belongs to the same account that owns the repository.
153154
- Check that the repository actually exists on Docker Hub.
154155

155-
??? question "Multiple username errors in `active_commit`"
156-
- All images in your `active_commit` must use the **same** Docker Hub username.
156+
??? question "Multiple username errors in `active_commit.yaml`"
157+
- All entries in your `active_commit.yaml` must use the **same** Docker Hub username.
157158
- If you need images from different sources, push them all under one account first.
158159

159160
??? question "My images are publicly visible"
160-
- Go to each repository's **Settings****Visibility** → switch to **Private**.
161+
- Go to your repository's **Settings** → **Visibility** → switch to **Private**.
161162
- Set your default visibility to private to prevent this in the future (see the tip above).

docs/miner/workflow/4.submit-commit.md

Lines changed: 12 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -83,15 +83,18 @@ Your miner needs Docker Hub credentials to pull your private images during valid
8383
# Expected output: Login Succeeded
8484
```
8585

86-
These values go into your `.env` file in the next step:
86+
Copy and configure the PAT file:
8787

88-
| `.env` variable | Value |
89-
| --------------------- | ------------------------------- |
90-
| `DOCKER_HUB_USERNAME` | Your Docker Hub username |
91-
| `DOCKER_HUB_PAT` | The Read-only PAT you generated |
88+
```sh
89+
# Copy template personal access token file:
90+
cp -v ./templates/configs/personal_access_token.txt ./volumes/configs/agent-miner/personal_access_token.txt
91+
92+
# Paste your PAT into the file:
93+
nano ./volumes/configs/agent-miner/personal_access_token.txt
94+
```
9295

9396
!!! danger "Never commit your PAT"
94-
Add `.env` to your `.gitignore`. If you accidentally expose a PAT, revoke it immediately from the [security settings page](https://hub.docker.com/settings/security) and generate a new one.
97+
Make sure `personal_access_token.txt` is not tracked by Git. If you accidentally expose a PAT, revoke it immediately from the [security settings page](https://hub.docker.com/settings/security) and generate a new one.
9598

9699
---
97100

@@ -116,7 +119,7 @@ cp -v ./.env.example ./.env
116119
nano ./.env
117120
```
118121

119-
## 4.4. Validate docker compose configuration
122+
## 4.5. Validate docker compose configuration
120123

121124
```sh
122125
# Check docker compose configuration is valid:
@@ -125,7 +128,7 @@ nano ./.env
125128
docker compose config
126129
```
127130

128-
## 4.5. Start miner node to submit
131+
## 4.6. Start miner node to submit
129132

130133
```sh
131134
# Start docker compose:
@@ -136,7 +139,7 @@ docker compose up -d --remove-orphans --force-recreate && \
136139
```
137140

138141
!!! warning "IMPORTANT"
139-
- You need to keep the miner node running continuously to submit solutions and earn rewards during the challenge period (at 2 least days).
142+
- You need to keep the miner node running continuously to submit solutions and earn rewards during the challenge period (at least 2 days).
140143
- Stopping the miner node could halt submission communications with validators and affect your earnings.
141144

142145
## Next step

0 commit comments

Comments
 (0)