Docker Hub Personal Access Token

Name: Docker Hub Personal Access Token
Creator: TestPattern Community
License: https://opensource.org/licenses/MIT

Detects Docker Hub personal access tokens (dckr_pat_ prefix). These tokens authenticate to Docker Hub and can pull/push images; a leak enables image tampering and supply-chain compromise.

Type: regex
Engine: universal
Confidence: high
Confidence justification: High confidence: the distinctive dckr_pat_ prefix makes false positives extremely unlikely; the body length is bounded to a plausible range.
Jurisdictions: global
Regulations: Criminal Code Act 1995 (Cth), Computer Fraud and Abuse Act, Computer Misuse Act 1990
Frameworks: CIS Controls, ISO 27001, NIST CSF, SOC 2
Data categories: credentials, security
Scope: narrow
Risk rating: 8
Platform compatibility: Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported

Pattern

(?<![A-Za-z0-9_-])dckr_pat_[A-Za-z0-9_-]{20,40}(?![A-Za-z0-9_-])

Corroborative evidence keywords

docker, docker hub, dockerhub, registry, docker login, access token

Proximity: 300 characters

Should match

dckr_pat_ABCDEFGHIJ1234567890abcdefgh — Docker Hub PAT, dckr_pat_ prefix + body
docker login -u user -p dckr_pat_zZyYxXwWvVuU0123456789-_abcdef — Docker Hub PAT passed to docker login
dckr_pat_aB3dE6gH9jK2mN5pQ8sTuVwXyZ012345 — Mixed-case Docker Hub PAT

Should not match

dckr_pat_short — Too short to be a Docker Hub PAT
ghp_ABCDEFGHIJ1234567890abcdefgh — GitHub token prefix, not Docker Hub
store your docker hub personal access token in CI secrets — Prose mention without a token value

Known false positives

Documentation or examples showing placeholder dckr_pat_ strings. Mitigation: Require corroborative Docker keywords and exclude placeholder markers.

References

Docker Hub personal access tokens