Skip to content

Docker Hub

Container registry credentials#

From version 22.3, Tower supports the configuration of credentials for the Nextflow Wave container service to authenticate to private and public container registries. For more information on Wave containers, see here.


Container registry credentials are only leveraged by the Wave containers service. In order for your pipeline execution to leverage Wave containers, add wave { enabled=true } either to the Nextflow config field on the launch page, or to your nextflow.config file.

Docker Hub registry access#

You must use Docker Hub credentials with Read-only access to authenticate Tower to your registry. Docker Hub makes use of Personal Access Tokens (PATs) for authentication. Note that we do not currently support Docker Hub authentication using 2FA (two-factor authentication).

To create your access token in Docker Hub:

  1. Log in to Docker Hub.
  2. Select your username in the top right corner and select Account Settings.
  3. Select Security -> New Access Token.
  4. Enter a token description and select Read-only from the Access permissions drop-down menu, then select Generate.
  5. Copy and save the generated access token (this is only displayed once).

Add credentials to Tower#

  • From an organization workspace: navigate to the Credentials tab and select Add Credentials.

  • From your personal workspace: select Your credentials from the user top-right menu, then select Add credentials.

Property Description Example
Name A unique name for the credentials using alphanumeric characters, dashes, or underscores my-registry-creds
Provider Credential type Container registry
User name Your Docker username user1
Password Your Personal Access Token 1fcd02dc-...215bc3f3
Registry server The container registry hostname (excluding protocol)

Once the form is complete, select Add. The new credential is now listed under the Credentials tab.

Back to top