---
# generated by https://github.com/hashicorp/terraform-plugin-docs
layout: ""
page_title: "Provider: Docker"
description: |-
  The Docker provider is used to interact with Docker resources, like containers, images, service etc.
---

# Docker Provider

The Docker provider is used to interact with Docker containers and images.
It uses the Docker API to manage the lifecycle of Docker containers. Because
the Docker provider uses the Docker API, it is immediately compatible not
only with single server Docker but Swarm and any additional Docker-compatible
API hosts.

Use the navigation to the left to read about the available resources.

## Example Usage

Terraform 0.13 and later:

{{tffile "examples/provider/provider-tf13.tf"}}

## Remote Hosts
You can also use the `ssh` protocol to connect to the docker host on a remote machine.
The configuration would look as follows:

{{tffile "examples/provider/provider-ssh.tf"}}

When using a remote host, the daemon configuration on the remote host can apply default configuration to your resources when running `terraform apply`, for example by appling log options to containers. When running `terraform plan` the next time, it will show up as a diff. In such cases it is recommended to use the `ignore_changes` lifecycle meta-argument to ignore the changing attribute (See [this issue](https://github.com/kreuzwerker/terraform-provider-docker/issues/473) for more information).

## Disabling Docker Daemon Checking

The `docker_registry_image` `data_source` and `resource` do not require a connection to the Docker daemon. If you want to use those in an environment without a Docker daemon, you can disable the
connection check by setting the `disable_docker_daemon_check` argument to `true`. Be careful, this will break the provider for any resources that require a connection to the Docker daemon.

## Registry credentials

Registry credentials can be provided on a per-registry basis with the `registry_auth`
field, passing either a config file or the username/password directly.
Please make sure, that you pass in the correct `address`. For example for ECR, the `registry_auth.address` should be of format `<id>.dkr.ecr.<zone>.amazonaws.com`. AWS ECR resource gives `ecr_url` which includes image name `<id>.dkr.ecr.<zone>.amazonaws.com/<image-name>`. So if you use ecr_url make a split `split("/", ecr_url)[0]` to be used in `registry_auth.address`.
If you want to use an insecure http registry, please explicitly specify the `address` with the `http` protocol.

-> **Note**
The config file is loaded from the machine `terraform` runs on. This also applies when the specified docker host is on another machine.

{{tffile "examples/provider/provider-credentials.tf"}}

-> **Note**
When passing in a config file either the corresponding `auth` string of the repository is read or the os specific
[credential helpers](https://github.com/docker/docker-credential-helpers#available-programs) are
used to retrieve the authentication credentials.

-> **Note**
`config_file` has predence over all other options. You can theoretically specify values for every attribute but the credentials obtained through the `config_file` will override the manually set `username`/`password`

You can still use the environment variables `DOCKER_REGISTRY_USER` and `DOCKER_REGISTRY_PASS`.

An example content of the file `~/.docker/config.json` on macOS may look like follows:

{{codefile "json" "examples/provider/provider-docker-config.json"}}

## Certificate information

Specify certificate information either with a directory or
directly with the content of the files for connecting to the Docker host via TLS.

{{tffile "examples/provider/provider-cert.tf"}}

{{ .SchemaMarkdown | trimspace }}