Skip to content
Latchkey

Nexus Docker "unauthorized: access to the requested resource is not authorized" in CI

The Docker client authenticated against the wrong endpoint or Nexus could not issue a bearer token. Nexus Docker repos expose a dedicated HTTP connector port, and the Docker Bearer Token Realm must be active for docker login to work.

What this error means

docker push or pull fails with "unauthorized: access to the requested resource is not authorized" even though docker login reported success, or after logging in to the wrong port.

Docker
unauthorized: access to the requested resource is not authorized
# often after:
docker login nexus.example.com   # (wrong: this is the UI port, not the docker connector)

Common causes

Logging in to the UI port, not the Docker connector

Nexus serves the Docker registry on a repository connector port (for example 8082) or a path. Logging in to the main UI host/port does not grant the Docker registry a token.

Docker Bearer Token Realm not enabled

Nexus needs the "Docker Bearer Token Realm" active under Security, Realms for token-based docker auth; without it, docker login cannot obtain a usable token.

How to fix it

Log in to the Docker connector host:port

  1. Find the Docker repository connector port in Nexus (repository settings, HTTP connector).
  2. docker login to that host:port with the Nexus credentials from secrets.
  3. Tag and push using the same host:port.
Terminal
echo "$NEXUS_PASSWORD" | docker login nexus.example.com:8082 \
  -u "$NEXUS_USERNAME" --password-stdin
docker tag app nexus.example.com:8082/app:1.2.0
docker push nexus.example.com:8082/app:1.2.0

Enable the Docker Bearer Token Realm

In Nexus, Security, Realms, add "Docker Bearer Token Realm" to the active realms so docker login can mint tokens.

How to prevent it

  • Use the Docker connector port (not the UI port) for docker login/push.
  • Keep the Docker Bearer Token Realm enabled.
  • Store Nexus docker credentials as CI secrets.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →