# chainctl auth configure-docker

URL: https://edu.chainguard.dev/chainguard/chainctl/chainctl-docs/chainctl_auth_configure-docker.md
Last Modified: April 30, 2026
Tags: chainctl, Reference, Product

 chainctl auth configure-docker Configure a Docker credential helper
chainctl auth configure-docker [flags] Options --headless Skip browser authentication and use device flow. --identity string The unique ID of the identity to assume when logging in. --identity-provider string The unique ID of the customer managed identity provider to authenticate with --identity-token string Use an explicit passed identity token or token path. --name string Optional name for the pull token (default &#34;pull-token&#34;) --org-name string Organization to use for authentication. If configured the organization&#39;s custom identity provider will be used --parent string The IAM organization or folder with which the pull-token identity is associated. --pull-token Whether to register a pull token that can pull images --save If true with --pull-token, save the pull token to the Docker config --social-login string Which of the default identity providers to use for authentication. Must be one of: email, google, github, gitlab --ttl ns Time To Live for the validity of the pull token. Valid unit strings range from nanoseconds to hours and are ns, `us`, `ms`, `s`, `m`, and `h`. Maximum value is 8760h or one year. (default 720h0m0s) Options inherited from parent commands --api string The url of the Chainguard platform API. (default &#34;https://console-api.enforce.dev&#34;) --audience string The Chainguard token audience to request. (default &#34;https://console-api.enforce.dev&#34;) --config string A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly. --console string The url of the Chainguard platform Console. (default &#34;https://console.chainguard.dev&#34;) --force-color Force color output even when stdout is not a TTY. -h, --help Help for chainctl --issuer string The url of the Chainguard STS endpoint. (default &#34;https://issuer.enforce.dev&#34;) --log-level string Set the log level (debug, info) (default &#34;ERROR&#34;) -o, --output string Output format. One of: [csv, env, go-template, id, json, markdown, none, table, terse, tree, wide] -v, --v int Set the log verbosity level. SEE ALSO chainctl auth	- Auth related commands for the Chainguard platform.