content/manuals/docker-hub/repos/manage/export.md
This guide shows you how to export a complete list of repositories from your Docker Hub organization, including private repositories. You'll use an Organization Access Token (OAT) to authenticate with the Docker Hub API and export repository details to a CSV file for reporting or analysis.
The exported data includes repository name, visibility status, last updated date, pull count, and star count.
Before you begin, ensure you have:
curl installed for making API requestsjq installed for JSON parsingOrganization access tokens let you authenticate API requests without interactive login steps.
Navigate to your organization in Docker Home and select Admin Console.
Select Access tokens from the sidebar.
Select Generate access token.
Configure the token permissions:
Copy the generated token and store it securely.
[!IMPORTANT]
If you only enable Read public repositories, the API will only return public repositories. To include private repositories in your export, you must explicitly add them to the token's repository permissions.
Exchange your organization access token for a JWT bearer token that you'll use for subsequent API requests.
Set your organization name and access token as variables:
ORG="<your-org>"
OAT="<your_org_access_token>"
Call the authentication endpoint to get a JWT:
TOKEN=$(
curl -s https://hub.docker.com/v2/users/login \
-H 'Content-Type: application/json' \
-d "{\"username\":\"$ORG\",\"password\":\"$OAT\"}" \
| jq -r '.token'
)
Verify the token was retrieved successfully:
$ echo "Got JWT: ${#TOKEN} chars"
You'll use this JWT as a Bearer token in the Authorization header for all
subsequent API calls.
The Docker Hub API paginates repository lists. This script retrieves all pages and combines the results.
Set the page size and initial API endpoint:
PAGE_SIZE=100
URL="https://hub.docker.com/v2/namespaces/$ORG/repositories?page_size=$PAGE_SIZE"
Paginate through all results:
ALL=$(
while [ -n "$URL" ] && [ "$URL" != "null" ]; do
RESP=$(curl -s "$URL" -H "Authorization: Bearer $TOKEN")
echo "$RESP" | jq -c '.results[]'
URL=$(echo "$RESP" | jq -r '.next')
done | jq -s '.'
)
Verify the number of repositories retrieved:
$ echo "$ALL" | jq 'length'
The script continues requesting the next URL from each response until
pagination is complete.
Generate a CSV file with repository details that you can open in spreadsheet applications.
Run the following command to create repos.csv:
echo "$ALL" | jq -r '
(["namespace","name","is_private","last_updated","pull_count","star_count"] | @csv),
(.[] | [
.namespace, .name, .is_private, .last_updated, (.pull_count//0), (.star_count//0)
] | @csv)
' > repos.csv
Verify the export completed:
$ echo "Rows:" $(wc -l < repos.csv)
Open the repos.csv file in your preferred
spreadsheet application to view and analyze your repository data.
Your organization access token may only have Read public repositories enabled, or it lacks permissions for specific private repositories.
To fix this:
Ensure you're using the JWT from the /v2/users/login endpoint as a
Bearer token in the Authorization header, not the organization access
token directly.
Verify your authentication:
$ curl -s "https://hub.docker.com/v2/namespaces/$ORG/repositories?page_size=1" \
-H "Authorization: Bearer $TOKEN" | jq
If this returns an error, re-run the authentication step to get a fresh JWT.
Organization access tokens are scoped to specific repositories you select during token creation. To export all repositories, you have two options:
The choice between these approaches depends on your organization's security policies.