From de2d1f396b8bc244fd84522e52a08e370335521f Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Mon, 4 Nov 2024 15:18:22 -0800 Subject: [PATCH 1/3] Update PAT guide to include expiration feature --- .../security/for-developers/access-tokens.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/content/manuals/security/for-developers/access-tokens.md b/content/manuals/security/for-developers/access-tokens.md index a7af86ee1666..954d8e0c44d6 100644 --- a/content/manuals/security/for-developers/access-tokens.md +++ b/content/manuals/security/for-developers/access-tokens.md @@ -14,8 +14,7 @@ Compared to passwords, PATs provide the following advantages: - You can investigate when the PAT was last used and then disable or delete it if you find any suspicious activity. - When using an access token, you can't perform any administrative activity on the account, including changing the password. It protects your account if your computer is compromised. - -Access tokens are also valuable for building integrations, as you can issue multiple tokens, one for each integration, and revoke them at +- Access tokens are valuable for building integrations, as you can issue multiple tokens, one for each integration, and revoke them at any time. ## Create an access token @@ -24,6 +23,8 @@ any time. > > Treat access tokens like your password and keep them secret. Store your tokens securely in a credential manager for example. +Use the Docker Admin Console to create an access token: + 1. Sign in to your [Docker account](https://app.docker.com/login). 2. Select your avatar in the top-right corner and from the drop-down menu select **Account settings**. @@ -34,14 +35,15 @@ any time. 5. Add a description for your token. Use something that indicates the use case or purpose of the token. -6. Set the access permissions. +6. Select the expiration date for the token. + +7. Set the access permissions. The access permissions are scopes that set restrictions in your repositories. For example, for Read & Write permissions, an automation pipeline can build an image and then push it to a repository. However, it can't delete the repository. -7. Select **Generate** and then copy the token that appears on the screen and save it. You won't be able - to retrieve the token once you close this prompt. +9. Select **Generate** and then copy the token that appears on the screen and save it. You won't be able to retrieve the token once you close this prompt. ## Use an access token @@ -63,6 +65,10 @@ When prompted for a password, enter your personal access token instead of a pass ## Modify existing tokens +> [!NOTE] +> +> You can't edit the expiration date on an existing token. You must create a new PAT if you need to set a new expiration date. + You can rename, activate, deactivate, or delete a token as needed. You can manage your tokens in your account settings. 1. Sign in to your [Docker account](https://app.docker.com/login). From e43991ced97bd2ce39b6f78544267795c61a4b82 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Mon, 4 Nov 2024 15:22:58 -0800 Subject: [PATCH 2/3] Fixed numbering error --- content/manuals/security/for-developers/access-tokens.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/security/for-developers/access-tokens.md b/content/manuals/security/for-developers/access-tokens.md index 954d8e0c44d6..66f1310420c5 100644 --- a/content/manuals/security/for-developers/access-tokens.md +++ b/content/manuals/security/for-developers/access-tokens.md @@ -43,7 +43,7 @@ Use the Docker Admin Console to create an access token: pipeline can build an image and then push it to a repository. However, it can't delete the repository. -9. Select **Generate** and then copy the token that appears on the screen and save it. You won't be able to retrieve the token once you close this prompt. +8. Select **Generate** and then copy the token that appears on the screen and save it. You won't be able to retrieve the token once you close this prompt. ## Use an access token From 27f854fe6e29b0b309395b0df0c00a5aca5bc270 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Mon, 4 Nov 2024 15:24:03 -0800 Subject: [PATCH 3/3] Small consistency error --- content/manuals/security/for-developers/access-tokens.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/manuals/security/for-developers/access-tokens.md b/content/manuals/security/for-developers/access-tokens.md index 66f1310420c5..0cbb62c85538 100644 --- a/content/manuals/security/for-developers/access-tokens.md +++ b/content/manuals/security/for-developers/access-tokens.md @@ -23,7 +23,7 @@ any time. > > Treat access tokens like your password and keep them secret. Store your tokens securely in a credential manager for example. -Use the Docker Admin Console to create an access token: +Use the Docker Admin Console to create an access token. 1. Sign in to your [Docker account](https://app.docker.com/login).