Docker Connector Settings Reference
This topic provides settings and permissions for the Docker connector. You can use this connector to connect to DockerHub, Harbor, Quay, and other Docker V2 compliant container registries, such as GitHub Container Registry.
- Docker registry rate limits: Harness is restricted by the limits of the Docker repo, such as Docker Hub limits for pulling Docker images from Docker repos.
- Docker Registries in Cloud Platforms: The Docker connector is platform-agnostic and can be used to connect to any Docker container registry. Harness also provides first class support for registries in AWS and GAR through AWS connectors and Google Cloud Platform (GCP) connectors.
- Docker base image connection rate limits: When using Docker as a Base Image Connector, select the Docker connector to be used for the base image pull. This capability is generally available. Ensure you use the correct Docker Registry URL and API version; see the guidance below and the CI FAQ on why Build and Push steps don't support V2 API URLs.
Create a Docker connector
- Visual editor
- YAML editor
- In Harness, go to Account Settings, Organization Settings, or Project Settings, depending on the scope at which you want to create the connector.
- Select Connectors, select New Connector, and then select the Docker Registry connector.
- Configure the Docker connector settings using the guidance provided in the sections below.
- Select Save and Continue, wait for the connectivity test to run, and then select Finish.
- In the list of connectors, make a note of your Docker connector's ID. When you need to reference this connector, use this ID in your pipeline YAML, such as connectorRef: docker_connector_ID.
You can create Docker connectors in the YAML editor. For example:
connector:
  name: My Docker Connector
  identifier: mydockerconnector
  description: ""
  orgIdentifier: default
  projectIdentifier: default
  type: DockerRegistry
  spec:
    dockerRegistryUrl: https://docker.dev.harness.io/v2/
    providerType: DockerHub
    auth:
      type: Anonymous
    executeOnDelegate: true
Connector metadata settings
- Name: Enter a name for this connector. Harness creates an ID based on the name.
- Description: Optional text string.
- Tags: Optional tags.
Provider type
Select the Docker registry platform: DockerHub, Harbor, Quay or Other.
If you select Other, the registry must be Docker V2 compliant.
Docker Registry URL
The URL of the Docker registry. This is usually the URL used for your docker login credentials.
- To connect to a public Docker Hub registry, use https://index.docker.io/v2/.
- To connect to a private Docker Hub registry, use https://index.docker.io/v1/. If you are running into authentication issues, such as an anonymous account is used, even though a valid Docker Registry and credentials are used, learn why this happens.
- For other Docker registries, provide the relevant URL for your container registry provider. For example:
- For GitHub Container Registry, provide the GHCR hostname and namespace, such as https://ghcr.io/NAMESPACE. The namespace is the name of a GitHub personal account or organization.
- For JFrog Artifactory Docker registries, provide your JFrog instance URL, such as https://mycompany.jfrog.io. You can get this URL from thedocker-logincommand on your repo's Set Me Up page.
- For Sonatype Nexus Docker registries, provide the Nexus instance URL, such as <nexus-hostname>:<repository-port>or<subdomain>.<nexus-hostname>. For more information, see the Sonatype Nexus Docker Authentication documentation.
 
- For GitHub Container Registry, provide the GHCR hostname and namespace, such as 
Harness Artifact Registry (HAR) Configuration
When using the Docker Connector with Harness Artifact Registry (HAR), it's important to configure the registry URL and image names correctly to ensure seamless operation.
- Correct URL Format: Set the registry URL to https://pkg.harness.io/. Avoid including the registry name in the URL to prevent validation errors.
- Fully Qualified Image Name: Provide the fully qualified image name within the step configuration, such as pkg.qa.harness.io/<account-id>/harness/<registry-name>.
- Deprecated Source Type: If using a deprecated source type, such as "image" in YAML configurations, ensure the configuration is updated to the current standard to avoid potential issues. For example, if you previously used sourceType: image, update it to the current standard likesourceType: container.
SBOM (Software Bill of Materials) Policy Enforcement: Ensure the registry URL is correctly configured to avoid hard-coded URL issues.
SLSA (Supply-chain Levels for Software Artifacts) Verification Authentication: Double-check the authentication settings if encountering errors.
Authentication
You can authenticate anonymously or by username and password.
- Username and password
- Anonymous
- Username: Enter the username for your Docker registry account.
- Password: Provide a Harness encrypted text secret containing the password or token corresponding with the Username.
- For Docker Hub and GHCR, use a personal access token with Read, Write, Delete permissions.
- For JFrog Docker registries, provide a password.
 
Make sure the connected user account has read permission for all repositories as well as access and permissions to pull images and list images and tags.
For more information, go to the Docker documentation on Docker Permissions.
Select Anonymous to pull images from public Docker registries with anonymous access. This option can encounter issues with limits, such as Docker Hub rate limiting.
If you use anonymous access with a Kubernetes deployment, make sure imagePullSecrets is removed from the container specification. This is standard Kubernetes behavior and not related to Harness specifically.
Select connectivity mode
You can connect through a Harness Delegate or the Harness Platform. If you plan to use this connector with Harness Cloud build infrastructure, you must select Connect through Harness Platform.
The Secure Connect option is for Secure Connect with Harness Cloud.
The Docker connector currently does not support OpenID Connect (OIDC) for authentication, limiting integration with OIDC-compliant identity providers