I'm not sure if I have already logged in to a docker registry in cmd line by using cmd: docker login. How can you test or see whether you are logged in or not, without trying to push?
517 Answers
Edit 2020
Referring back to the (closed) github issue, where it is pointed out, there is no actual session or state;
docker login actually isn't creating any sort of persistent session, it is only storing the user's credentials on disk so that when authentication is required it can read them to login
As others have pointed out, an auths entry/node is added to the ~/.docker/config.json file (this also works for private registries) after you succesfully login:
{ "auths": { "": {} }, ... When logging out, this entry is then removed:
$ docker logout Removing login credentials for Content of docker config.json after:
{ "auths": {}, ... This file can be parsed by your script or code to check your login status.
Alternative method (re-login)
You can login to docker with docker login <repository>
$ docker login Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to to create one. Username: If you are already logged in, the prompt will look like:
$ docker login Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to to create one. Username (myusername): # <-- "myusername" For the original explanation for the ~/.docker/config.json, check question: how can I tell if I'm logged into a private docker registry
I use one of the following two ways for this check:
1: View config.json file:
In case you are logged in to "private.registry.com" you will see an entry for the same as following in ~/.docker/config.json:
"auths": { "private.registry.com": { "auth": "gibberishgibberishgibberishgibberishgibberishgibberish" } } 2: Try docker login once again:
If you are trying to see if you already have an active session with private.registry.com, try to login again:
bash$ docker login private.registry.com Username (logged-in-user): If you get an output like the above, it means logged-in-user already had an active session with private.registry.com. If you are just prompted for username instead, that would indicate that there's no active session.
You can do the following command to see the username you are logged in with and the registry used:
docker system info | grep -E 'Username|Registry' 2The answers here so far are not so useful:
docker infono longer provides this infodocker logoutis a major inconvenience - unless you already know the credentials and can easily re-logindocker loginresponse seems quite unreliable and not so easy to parse by the program
My solution that worked for me builds on @noobuntu's comment: I figured that if I already known the image that I want to pull, but I'm not sure if the user is already logged in, I can do this:
try pulling target image -> on failure: try logging in -> on failure: throw CannotLogInException -> on success: try pulling target image -> on failure: throw CannotPullImageException -> on success: (continue) -> on success: (continue) 2The docker cli credential scheme is unsurprisingly uncomplicated, just take a look:
cat ~/.docker/config.json
{ "auths": { "dockerregistry.myregistry.com": {}, "": {} This exists on Windows (use Get-Content ~\.docker\config.json) and you can also poke around the credential tool which also lists the username ... and I think you can even retrieve the password
. "C:\Program Files\Docker\Docker\resources\bin\docker-credential-wincred.exe" list
{"":"kcd"} 4At least in "Docker for Windows" you can see if you are logged in to docker hub over the UI. Just right click the docker icon in the windows notification area: 
For private registries, nothing is shown in docker info. However, the logout command will tell you if you were logged in:
$ docker logout private.example.com Not logged in to private.example.com (Though this will force you to log in again.)
0Just checked, today it looks like this:
$ docker login Authenticating with existing credentials... Login Succeeded NOTE: this is on a macOS with the latest version of Docker CE, docker-credential-helper - both installed with homebrew.
5If you want a simple true/false value, you can pipe your docker.json to jq.
is_logged_in() { cat ~/.docker/config.json | jq -r --arg url "${REPOSITORY_URL}" '.auths | has($url)' } if [[ "$(is_logged_in)" == "false" ]]; then # do stuff, log in fi 3Use command like below:
docker info | grep 'name' WARNING: No swap limit support Username: <strong>jonasm2009</strong> 1My AWS ECR build-script has:
ECR_HOSTNAME="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com" TOKEN=$(jq -r '.auths["'$ECR_HOSTNAME'"]["auth"]' ~/.docker/config.json) curl --fail --header "Authorization: Basic $TOKEN" If accessing ECR fails, a login is done:
aws ecr get-login-password --region ${REGION} | docker login --username AWS --password-stdin For this to work, a proper Docker credential store cannot be used. Default credentials store of ~/.docker/config.json is assumed.
On windows you can inspect the login "authorizations" (auths) by looking at this file: [USER_HOME_DIR].docker\config.json
Example: c:\USERS\YOUR_USERANME.docker\config.json
It will look something like this for windows credentials
{ "auths": { "HOST_NAME_HERE": {}, "": {} }, "HttpHeaders": { "User-Agent": "Docker-Client/18.09.0 (windows)" }, "credsStore": "wincred", "stackOrchestrator": "swarm" } In Azure Container Registry (ACR) following works as a login-check:
registry="contosoregistry.azurecr.io" curl -v --header "Authorization: Bearer $access_token" If access token has expired, a HTTP/401 will be returned.
Options for getting an access token are from ~/.docker/config.json or requesting one from using a refresh token stored into Docker credStore: echo $registry | docker-credential-desktop get.
More information about refresh tokens and access tokens are at ACR integration docs.
As pointed out by @Christian, best to try operation first then login only if necessary. Problem is that "if necessary" is not that obvious to do robustly. One approach is to compare the stderr of the docker operation with some strings that are known (by trial and error). For example,
try "docker OPERATION" if it failed: capture the stderr of "docker OPERATION" if it ends with "no basic auth credentials": try docker login else if it ends with "not found": fatal error: image name/tag probably incorrect else if it ends with <other stuff you care to trap>: ... else: fatal error: unknown cause try docker OPERATION again if this fails: you're SOL! On Linux if you have the secretservice enabled via the credsStore option in your ~/.docker/config.json like below:
"credsStore": "secretservice", then you will not see the credentials in the config.json. Instead you need to query the credentials using the docker-credential-desktop, see the below answer for more details:
How to know if docker is already logged in to a docker registry server
Here's a powershell powershell command to check if you have previously logged into the registry, making use of the file $HOME/.docker/config.json that others have mentioned:
(Get-Content $HOME/.docker/config.json | ConvertFrom-Json).auths.PSobject.Properties.name -Contains "<registry_url>" This returns a True / False boolean, so can use as follows:
if ((Get-Content $HOME/.docker/config.json | ConvertFrom-Json).auths.PSobject.Properties.name -Contains "<registry_url>" ) { Write-Host Already logged into docker registry } else { Write-Host Logging into docker registry docker login } If you want it to not fail if the file doesn't exist you need an extra check:
if ( (-Not (Test-Path $HOME/.docker/config.json)) -Or (-Not (Get-Content $HOME/.docker/config.json | ConvertFrom-Json).auths.PSobject.Properties.name -Contains "<registry_url>") ) { Write-Host Already logged into docker registry } else { Write-Host Logging into docker registry docker login } I chose to use the -Not Statements because for some reason when you chain a command after a failed condition with -And instead of -Or the command errors out.
docker info | grep Username This should print the login user.
1