diff --git a/content/manuals/docker-hub/service-accounts.md b/content/manuals/docker-hub/service-accounts.md deleted file mode 100644 index 7d3150756590..000000000000 --- a/content/manuals/docker-hub/service-accounts.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -description: Docker Service accounts -keywords: Docker, service, accounts, Docker Hub -title: Service accounts -weight: 50 ---- - -{{% include "new-plans.md" %}} - -> [!IMPORTANT] -> -> As of December 10, 2024, Enhanced Service Account add-ons are no longer -> available. Existing Service Account agreements will be honored until their -> current term expires, but new purchases or renewals of Enhanced Service -> Account add-ons are no longer available and customers must renew under a new -> subscription. -> -> Docker recommends transitioning to [Organization Access Tokens -> (OATs)](/manuals/enterprise/security/access-tokens.md), which can provide similar -> functionality. - -A service account is a Docker ID used for automated management of container images or containerized applications. Service accounts are typically used in automated workflows, and don't share Docker IDs with the members in the organization. Common use cases for service accounts include mirroring content on Docker Hub, or tying in image pulls from your CI/CD process. - -## Enhanced Service Account add-on tiers - -Refer to the following table for details on the Enhanced Service Account add-ons: - -| Tier | Pull Rates Per Day\* | -| ------ | ------ | -| 1 | 5,000-10,000 | -| 2 | 10,000-25,000 | -| 3 | 25,000-50,000 | -| 4 | 50,000-100,000 | -| 5 | 100,000+ | - -*The service account may exceed Pulls by up to 25% for up to 20 days during the year without incurring additional fees. Reports on consumption are available upon request. \ No newline at end of file diff --git a/content/manuals/enterprise/security/access-tokens.md b/content/manuals/enterprise/security/access-tokens.md index 7ff876558c06..654916732df3 100644 --- a/content/manuals/enterprise/security/access-tokens.md +++ b/content/manuals/enterprise/security/access-tokens.md @@ -5,6 +5,8 @@ description: Create and manage organization access tokens to securely authentica keywords: organization access tokens, OAT, docker hub security, programmatic access, automation aliases: - /security/for-admins/access-tokens/ + - /docker-hub/service-accounts/ + - /manuals/docker-hub/service-accounts/ --- {{< summary-bar feature_name="OATs" >}} @@ -104,34 +106,6 @@ organization. - **Delete** 1. Select **Save** after making changes to a token. -## Migrate from service accounts - -[Enhanced Service Account add-ons](/manuals/docker-hub/service-accounts.md) -are deprecated and no longer available for -new purchases as of December 10, 2024. - -Organization access tokens provide a -modern, secure replacement with additional benefits: - -| Feature | Service accounts | Organization access tokens | -|---------|------------------|----------------------------| -| Authentication | Username/password | Organization name + token | -| Cost | Tiered add-on pricing | Included with subscription | -| Management | Individual account-based | Organization owner managed | -| Repository access | Full account access | Granular repository permissions | -| Security | Basic password auth | Token-based with expiration | -| Rate limits | Separate tiered limits | Organization subscription limits | - -### Migration steps - -To migrate from service accounts to OATs, use the following steps: - -1. Document current service accounts and their purposes. -1. Generate organization access tokens with appropriate repository permissions. -1. Replace service account credentials in your systems. -1. Validate all automated workflows work correctly. -1. Remove deprecated service account credentials. - ## Organization access token best practices - Regular token rotation: Set reasonable expiration dates and rotate tokens regularly to minimize security risks. diff --git a/content/manuals/retired.md b/content/manuals/retired.md index 38160de4d3fe..5660122d563a 100644 --- a/content/manuals/retired.md +++ b/content/manuals/retired.md @@ -8,6 +8,8 @@ params: sidebar: group: Products aliases: + - /docker-hub/service-accounts/ + - /manuals/docker-hub/service-accounts/ - /cloud/ - /cloud/aci-compose-features/ - /cloud/aci-container-features/ @@ -156,6 +158,18 @@ which led to the retirement of the Docker for GitHub Copilot extension. If you're looking for AI-assisted Docker workflows, explore the Docker MCP Toolkit and MCP Catalog, or use Ask Gordon in Docker Desktop and the Docker CLI. +### Enhanced Service Account add-ons + +Enhanced Service Account add-ons provided tiered pull rate limits for automated +workflows and service accounts accessing Docker Hub. + +Docker recommends transitioning to [Organization Access Tokens +(OATs)](/manuals/enterprise/security/access-tokens.md), which provide secure, +programmatic access to Docker Hub with granular repository permissions, token +expiration, and better security auditing. OATs are included with Docker Team +and Business subscriptions and offer similar functionality without requiring +separate add-on purchases. + ## Open source projects Several open-source projects originally maintained by Docker have been