301

I'm not sure if I have already logged in to a docker registry in cmd line by using cmd: docker login. How can you test or see whether you are logged in or not, without trying to push?

Improve this question
5
  • Not sure I understand your question? do you want to know if you are logged in on a terminal? why not run %docker images command in the terminal and see if your images show up?
    – noobuntu
    Commented Mar 15, 2016 at 21:54
  • 2
    I want to know whether I am logged in to dockerhub registry in terminal. I thought the images are local, so it will just show the local images, not the dockerhub images.
    – Ville Miekk-oja
    Commented Mar 15, 2016 at 21:56
  • 1
    I believe once you are logged into docker, you are connected to your dockerhub registry. I don't think there is a separate login
    – noobuntu
    Commented Mar 15, 2016 at 22:01
  • 7
    docker info | grep Username this should display your current docker user. Hope helps
    – Austin p.b
    Commented Nov 23, 2021 at 21:05
  • Question stackoverflow.com/q/61098378/1548275 is related to this. If a credential helper is in use, the status can be queried via helper.
    – Jari Turkia
    Commented Feb 3, 2022 at 9:51

17 Answers 17

Reset to default
210

Edit 2020

Referring back to the (closed) github issue, where it is pointed out, there is no actual session or state;

docker login actually isn't creating any sort of persistent session, it is only storing the user's credentials on disk so that when authentication is required it can read them to login

As others have pointed out, an auths entry/node is added to the ~/.docker/config.json file (this also works for private registries) after you succesfully login:

{
    "auths": {
            "https://index.docker.io/v1/": {}
    },
    ...

When logging out, this entry is then removed:

$ docker logout
Removing login credentials for https://index.docker.io/v1/

Content of docker config.json after:

{
    "auths": {},
    ...

This file can be parsed by your script or code to check your login status.

Alternative method (re-login)

You can login to docker with docker login <repository>

$ docker login
Login with your Docker ID to push and pull images from Docker Hub. If 
you don't have a Docker ID, head over to https://hub.docker.com to 
create one.
Username:

If you are already logged in, the prompt will look like:

$ docker login
Login with your Docker ID to push and pull images from Docker Hub. If 
you don't have a Docker ID, head over to https://hub.docker.com to 
create one.
Username (myusername):        # <-- "myusername"

For the original explanation for the ~/.docker/config.json, check question: how can I tell if I'm logged into a private docker registry

Improve this answer
11
  • 5
    The last link talks about checking the contents of ~/.docker/config.json.
    – dusan
    Commented Nov 27, 2017 at 15:39
  • 5
    docker info is apparently unreliable even for index.docker.io. Currently logged in alright and only see the Registry entry, no Username.
    – famousgarkin
    Commented Apr 25, 2018 at 6:15
  • 4
    docker info is not showing Username anymore. I am on Windows, with docker version 18.05.0-ce.
    – Giovanni Bassi
    Commented Jun 22, 2018 at 1:24
  • 3
    What if a script needs to check?
    – Teekin
    Commented Jul 7, 2018 at 11:03
  • 2
    docker logout doesn't empty the "auths" entry in configjson, at least it doesn't for me
    – John Smith Optional
    Commented May 22, 2020 at 11:02
59

I use one of the following two ways for this check:

1: View config.json file:

In case you are logged in to "private.registry.com" you will see an entry for the same as following in ~/.docker/config.json:

"auths": {
    "private.registry.com": {
        "auth": "gibberishgibberishgibberishgibberishgibberishgibberish"
    }
 }

2: Try docker login once again:

If you are trying to see if you already have an active session with private.registry.com, try to login again:

bash$ docker login private.registry.com
Username (logged-in-user):

If you get an output like the above, it means logged-in-user already had an active session with private.registry.com. If you are just prompted for username instead, that would indicate that there's no active session.

Improve this answer
0
40

You can do the following command to see the username you are logged in with and the registry used: 

docker system info | grep -E 'Username|Registry'
Improve this answer
2
  • 23
    Im logged into a private registry bu this shows for info "Registry: index.docker.io/v1". Not accurate or reliable
    – Shōgun8
    Commented Nov 13, 2021 at 6:04
  • 12
    Does not work for private repos
    – oligofren
    Commented Dec 22, 2021 at 14:07
19

The answers here so far are not so useful:

  • docker info no longer provides this info
  • docker logout is a major inconvenience - unless you already know the credentials and can easily re-login
  • docker login response seems quite unreliable and not so easy to parse by the program

My solution that worked for me builds on @noobuntu's comment: I figured that if I already known the image that I want to pull, but I'm not sure if the user is already logged in, I can do this:

try pulling target image
-> on failure:
   try logging in
   -> on failure: throw CannotLogInException
   -> on success:
      try pulling target image
      -> on failure: throw CannotPullImageException
      -> on success: (continue)
-> on success: (continue)
Improve this answer
2
  • This is by far the best stratgy: just try a pull, if it fails then it is not logged in (the rest of the logic you have will depend on each use case, but the first try is universally applicable).
    – Oliver
    Commented Nov 11, 2018 at 6:00
  • 3
    However someone pointed out on github.com/moby/moby/issues/15466 that there are many reasons for failure, not just login issue, yet docker exit status does not allow to differentiate reason for failure. It's still better than the other solutions, but a full solution would require a patch to docker.
    – Oliver
    Commented Nov 11, 2018 at 6:08
18

The docker cli credential scheme is unsurprisingly uncomplicated, just take a look:

cat ~/.docker/config.json

{
  "auths": {
    "dockerregistry.myregistry.com": {},
    "https://index.docker.io/v1/": {}

This exists on Windows (use Get-Content ~\.docker\config.json) and you can also poke around the credential tool which also lists the username ... and I think you can even retrieve the password

. "C:\Program Files\Docker\Docker\resources\bin\docker-credential-wincred.exe" list

{"https://index.docker.io/v1/":"kcd"}
Improve this answer
4
  • On windows you can see only the username, the password is stored in credentials manager (control panel)
    – Thorbjørn Ravn Andersen
    Commented Aug 27, 2019 at 11:15
  • I guess I will spoil the surprise... docker-credential-wincred.exe <store|get|erase|list|version> which means you can get your password
    – KCD
    Commented Sep 8, 2019 at 23:21
  • That cat command should use linux path separators: cat ~/.docker/config.json . This may seem a nit-pick to some, but other readers might just copy/paste it and try it, and not realize readily that the "no such file or directory" error is due to this. :-)
    – charlie arehart
    Commented Jun 22, 2020 at 1:18
  • @charliearehart you underestimate my laziness, I was using the cat alias in Powershell... updated to include both
    – KCD
    Commented Jul 6, 2020 at 8:59
9

My AWS ECR build-script has:

ECR_HOSTNAME="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com"
TOKEN=$(jq -r '.auths["'$ECR_HOSTNAME'"]["auth"]' ~/.docker/config.json)
curl --fail --header "Authorization: Basic $TOKEN" https://$ECR_HOSTNAME/v2/

If accessing ECR fails, a login is done:

aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin https://$ECR_HOSTNAME

For this to work, a proper Docker credential store cannot be used. Default credentials store of ~/.docker/config.json is assumed.

Improve this answer
3
  • 1
    This is one of the few that works and works well with private repos (like AWS). Just depends on jq, docker and curl. Thanks!
    – oligofren
    Commented Dec 22, 2021 at 14:10
  • This only works if you're not using a credential store.
    – Quolonel Questions
    Commented Oct 18, 2023 at 17:13
  • @QuolonelQuestions In my answer I wrote "For this to work, a proper Docker credential store cannot be used." Thanks for pointing this out.
    – Jari Turkia
    Commented Oct 19, 2023 at 5:51
7

For private registries, nothing is shown in docker info. However, the logout command will tell you if you were logged in:

 $ docker logout private.example.com
 Not logged in to private.example.com

(Though this will force you to log in again.)

Improve this answer
0
7

Just checked, today it looks like this:

$ docker login
Authenticating with existing credentials...
Login Succeeded

NOTE: this is on a macOS with the latest version of Docker CE, docker-credential-helper - both installed with homebrew.

Improve this answer
5
  • this is how to login
    – Shōgun8
    Commented Nov 13, 2021 at 6:06
  • yes, but if you're not logged in you will be prompted for a UN/PW. If you are ALREADY logged in, it will simply refresh your session as above; notice the phrase "existing credentials".
    – todd_dsm
    Commented Nov 15, 2021 at 17:31
  • Fair enough; I was only considering programmatic solutions, but that's no what the op asked.
    – Shōgun8
    Commented Nov 15, 2021 at 21:36
  • @Shōgun8, the docker-credential-helper makes it so you really don't have to think about it. If you're looking for programmatic solutions to this it's likely something else is wrong. Make sure you won't need programmatic solutions by using tools to help manage credentials. #forwardengineering
    – todd_dsm
    Commented Nov 16, 2021 at 21:38
  • 1
    @ todd_dsm, Well I'm not trying avoid programmatic solutions; on the contrary I am searching for programmatic solutions. Also that program does not address the problem.
    – Shōgun8
    Commented Nov 18, 2021 at 19:48
6

At least in "Docker for Windows" you can see if you are logged in to docker hub over the UI. Just right click the docker icon in the windows notification area: Docker Logged in

Improve this answer
2
  • 1
    what about the docker versions without the GUI? or non-windows ?
    – Zameer Fouzan
    Commented Dec 19, 2018 at 12:33
  • 1
    Then you have to use one of the approaches from the other answers.
    – BaluJr.
    Commented Dec 19, 2018 at 14:42
5

If you want a simple true/false value, you can pipe your docker.json to jq.

is_logged_in() {
  cat ~/.docker/config.json | jq -r --arg url "${REPOSITORY_URL}" '.auths | has($url)'
}

if [[ "$(is_logged_in)" == "false" ]]; then
  # do stuff, log in
fi
Improve this answer
2
  • 5
    You can have jq return a proper exit code and then you don't need to do string comparisons: is_logged_in() { jq -e --arg url ${ADDRESS} '.auths | has($url)' ~/.docker/config.json > /dev/null; }; if is_logged_in; then ...
    – Guss
    Commented Apr 6, 2020 at 15:41
  • 1
    This only shows that you have logged in, not whether or not you are logged in. This returns true even if the session has expired.
    – oligofren
    Commented Dec 22, 2021 at 14:02
2

On Linux if you have the secretservice enabled via the credsStore option in your ~/.docker/config.json like below:

"credsStore": "secretservice",

then you will not see the credentials in the config.json. Instead you need to query the credentials using the docker-credential-desktop, see the below answer for more details:

How to know if docker is already logged in to a docker registry server

Improve this answer
1

Use command like below:

docker info | grep 'name'

WARNING: No swap limit support
Username: <strong>jonasm2009</strong>
Improve this answer
1
1

On windows you can inspect the login "authorizations" (auths) by looking at this file: [USER_HOME_DIR].docker\config.json

Example: c:\USERS\YOUR_USERANME.docker\config.json

It will look something like this for windows credentials

{
"auths": {
    "HOST_NAME_HERE": {},
    "https://index.docker.io/v1/": {}
},
"HttpHeaders": {
    "User-Agent": "Docker-Client/18.09.0 (windows)"
},
"credsStore": "wincred",
"stackOrchestrator": "swarm"
}
Improve this answer
1

In Azure Container Registry (ACR) following works as a login-check:

registry="contosoregistry.azurecr.io"
curl -v --header "Authorization: Bearer $access_token" https://$registry/v2/_catalog

If access token has expired, a HTTP/401 will be returned.

Options for getting an access token are from ~/.docker/config.json or requesting one from https://$registry/oauth2/token using a refresh token stored into Docker credStore: echo $registry | docker-credential-desktop get.

More information about refresh tokens and access tokens are at ACR integration docs.

Improve this answer
1

To many answers above is just about how to check login status manually. To do it from command line you can use the command below.

cat ~/.docker/config.json | jq '.auths["<MY_REGISTRY_HOSTNAME>"]' -e > /dev/null &&  echo "OK" ||  echo "ERR"

  1. Ensure you have jq command in your local. To test that run jq --version command. If you can't get an version output follow the directions from here to install it https://stedolan.github.io/jq/download/

  2. Replace <MY_REGISTRY_HOSTNAME> with your registry address.

  3. When you run it returns OK if you successfully login already otherwise ERR

NOTE: if you used a credential helper to login (e.g. google cloud auth tool for container registry) replace .auths keyword with .credHelpers

Improve this answer
1
  • I like the intent of this solution, but this doesn't cover the case where you've logged in previously, and for whatever reason, those credentials have expired.
    – Jon V
    Commented Oct 23, 2023 at 18:41
0

As pointed out by @Christian, best to try operation first then login only if necessary. Problem is that "if necessary" is not that obvious to do robustly. One approach is to compare the stderr of the docker operation with some strings that are known (by trial and error). For example, 

try "docker OPERATION"
if it failed: 
    capture the stderr of "docker OPERATION"
    if it ends with "no basic auth credentials": 
        try docker login
    else if it ends with "not found":
        fatal error: image name/tag probably incorrect
    else if it ends with <other stuff you care to trap>:
        ...
    else:
        fatal error: unknown cause

try docker OPERATION again
if this fails: you're SOL!
Improve this answer
0

Here's a powershell command to check if you have previously logged into the registry, making use of the file $HOME/.docker/config.json that others have mentioned:

(Get-Content $HOME/.docker/config.json | ConvertFrom-Json).auths.PSobject.Properties.name -Contains "<registry_url>"

This returns a True / False boolean, so can use as follows:

if ((Get-Content $HOME/.docker/config.json | ConvertFrom-Json).auths.PSobject.Properties.name -Contains "<registry_url>" ) {
    Write-Host Already logged into docker registry
} else {
    Write-Host Logging into docker registry
    docker login
}

If you want it to not fail if the file doesn't exist you need an extra check:

if ( (-Not (Test-Path $HOME/.docker/config.json)) -Or (-Not (Get-Content $HOME/.docker/config.json | ConvertFrom-Json).auths.PSobject.Properties.name -Contains "<registry_url>") )
{
    Write-Host Already logged into docker registry
} else {
    Write-Host Logging into docker registry
    docker login
}

I chose to use the -Not Statements because for some reason when you chain a command after a failed condition with -And instead of -Or the command errors out.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.