How to use docker logout command to log out from a registry

Introduction

In this lab, we will learn how to use the docker logout command to securely log out from Docker registries. We will begin by understanding the purpose of the docker logout command and why it's important to remove saved credentials. We will then explore how to log out from the default Docker registry (Docker Hub) and finally, how to log out from a specific, non-default registry. This hands-on lab will guide you through the practical steps of managing your Docker registry login sessions.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL docker(("Docker")) -.-> docker/SystemManagementGroup(["System Management"]) docker/SystemManagementGroup -.-> docker/login("Log into Docker Registry") docker/SystemManagementGroup -.-> docker/logout("Log out from Docker Registry") subgraph Lab Skills docker/login -.-> lab-555167{{"How to use docker logout command to log out from a registry"}} docker/logout -.-> lab-555167{{"How to use docker logout command to log out from a registry"}} end

Understand the purpose of docker logout

In this step, we will understand the purpose of the docker logout command. When you log in to a Docker registry using the docker login command, your credentials are saved on your system. This allows you to push and pull images from the registry without re-entering your username and password each time. However, for security reasons, especially in shared environments or after completing your work, it's important to log out of the registry. The docker logout command is used to remove these saved credentials.

Let's first check if you are currently logged in to any Docker registry. You can do this by trying to pull an image that requires authentication, or by checking the configuration file where Docker stores credentials. The default location for Docker configuration is ~/.docker/config.json.

You can view the content of this file using the cat command:

cat ~/.docker/config.json

If you are logged in, you will see a section like "auths": { ... } containing information about the registries you are logged into and encrypted credentials. If you are not logged in, the auths section might be empty or missing.

The docker logout command is straightforward. When executed without any arguments, it logs you out of the default Docker registry, which is typically Docker Hub.

Let's simulate a login (we won't actually log in here, as the focus is on understanding logout) and then understand how docker logout would work. Imagine you had just run docker login. Your ~/.docker/config.json file would be updated with your login information.

Now, to log out from the default registry (Docker Hub), you would simply run:

docker logout

After running this command, Docker will remove the credentials for the default registry from your ~/.docker/config.json file. This means you will need to log in again to push or pull images from Docker Hub that require authentication.

In the next steps, we will actually perform login and logout operations to see the effect of the docker logout command.

Log out from the default registry

In this step, we will practice logging out from the default Docker registry, which is Docker Hub. Although we haven't explicitly logged in in this lab environment, the docker logout command is designed to remove existing credentials. Running docker logout when not logged in will result in a message indicating that you are not logged in. This is the expected behavior and confirms that the command is working correctly to check and potentially remove credentials.

First, let's attempt to log out from the default registry. Open your terminal in the ~/project directory and execute the following command:

docker logout

You should see output similar to this:

Not logged in to any registry

This message confirms that there were no saved credentials for the default registry (Docker Hub) in your ~/.docker/config.json file. If you had been logged in, the output would indicate a successful logout.

To further understand the effect of docker logout, let's examine the ~/.docker/config.json file again after attempting to log out.

cat ~/.docker/config.json

You will observe that the auths section, if it existed and contained credentials for the default registry, would now be empty or the entry for https://index.docker.io/v1/ would be removed. Since we were not logged in, the file's content should remain the same as before, likely with an empty or missing auths section.

This step demonstrates the basic usage of docker logout without any arguments, which targets the default Docker Hub registry. In the next step, we will explore how to log out from a specific, non-default registry.

Log out from a specific registry

In this step, we will learn how to log out from a specific Docker registry other than the default Docker Hub. This is useful when you are working with multiple registries, such as a private company registry or a cloud provider's container registry.

To log out from a specific registry, you need to provide the registry's hostname as an argument to the docker logout command.

Since we don't have a specific private registry set up in this lab, we will use a hypothetical example to demonstrate the command's syntax. Imagine you were logged into a registry located at my-private-registry.example.com. To log out from this specific registry, you would use the following command:

docker logout my-private-registry.example.com

When you execute this command, Docker will look for the credentials associated with my-private-registry.example.com in your ~/.docker/config.json file and remove them. If you were not logged in to that specific registry, Docker would inform you.

Let's simulate this by attempting to log out from a non-existent registry. This will show you the command structure and the expected output when the registry is not found in your configuration.

docker logout non-existent-registry.example.com

You will likely see output similar to this:

Not logged in to non-existent-registry.example.com

This message confirms that Docker attempted to find and remove credentials for non-existent-registry.example.com but did not find any.

The ability to log out from specific registries is important for managing access to different image sources and maintaining security by removing unnecessary saved credentials.

To summarize, docker logout without arguments logs you out of the default Docker Hub, while docker logout <registry-hostname> logs you out of a specific registry.

Summary

In this lab, we learned the purpose of the docker logout command, which is essential for removing saved Docker registry credentials for security reasons. We understood that after logging in with docker login, credentials are stored in ~/.docker/config.json. We learned how to check this file to see if we are logged in.

We then focused on the docker logout command itself. We learned that running docker logout without arguments logs you out of the default Docker registry (Docker Hub) by removing its credentials from the configuration file. This ensures that subsequent operations requiring authentication with the default registry will necessitate a new login.