What This Error Means
Docker denied access because the repository path is wrong, the image is private, or the provided credentials do not have permission.
How to Fix It
Double-check the full image reference first, including registry host, namespace, and repository name.
Login to the exact registry host:docker login <registry>
If you are pushing, confirm the repository exists and that your token has write permission.
If you are pulling, confirm the image path is correct before treating it as an auth problem.
If this happens in CI, print the resolved image reference and verify the injected secrets are not empty.
Why It Happens
The repository or namespace in the image reference is wrong.
The repository exists, but your account or token does not have pull or push permission.
The image is private and the request is effectively anonymous or authenticated as the wrong account.
How to Verify
Retry the pull or push and confirm it succeeds.
Run docker logout then docker login to validate credentials explicitly.
Manual authentication checks
Compare the failing image reference with the repository path shown in your registry UI.
Check whether the repository is public, private, or missing entirely.
Validate which account or token the environment is actually using for the registry host.
Examples
Error response from daemon: pull access denied for <image>, repository does not exist or may require "docker login": denied: requested access to the resource is denied
unauthorized: authentication required
unauthorized: incorrect username or passwordHow registry authentication works
Docker authenticates to a registry host, then asks for manifests and layers for a specific repository path.
If the path is wrong or the authenticated identity lacks access, the registry returns an authorization error.
Prevention Tips
Use scoped tokens for CI and rotate them regularly.
Use a proxy or cache registry to minimize credential prompts across environments.