User Credential Storage

Overview

All user information is stored in the Anchore DB. Credentials are stored in hashed form using the Argon2 hashing algorithm.

Basic Authentication

Users authenticate with a username and password. On successful authentication, Anchore issues an OAuth2 bearer token that is used for subsequent requests. Passwords are never stored in plain text.

OAuth2

Anchore uses OAuth2 bearer tokens for all authenticated communication, including API access, inter-service calls, and SSO. Tokens are generated upon successful authentication and are never persisted in the database.

All Anchore services must share a common secret or public/private keypair for signing and verifying tokens. See Token Configuration for details.
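
The shared-secret requirement above, shown as an added example that is not Anchore's own code. The token layout (an HMAC-SHA256 signature over a JSON payload) and the names issue_token, verify_token, SHARED_SECRET and OTHER_SECRET are assumptions for illustration, since this page does not specify the token format. A token issued by one service verifies only at a service configured with the same secret.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values, not real Anchore configuration.
SHARED_SECRET = b"constructed-shared-secret"
OTHER_SECRET = b"constructed-mismatched-secret"


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, subject: str, ttl: int = 3600, now=None) -> str:
    """Sign a claims payload with HMAC-SHA256 under the shared secret."""
    issued = int(time.time() if now is None else now)
    payload = b64e(json.dumps({"sub": subject, "exp": issued + ttl}).encode())
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return payload + "." + b64e(sig)


def verify_token(secret: bytes, token: str, now=None):
    """Return the claims if signature and expiry check out, else None."""
    try:
        payload, sig = token.split(".")
        expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison; verify the signature before parsing claims.
        if not hmac.compare_digest(expected, b64d(sig)):
            return None
        claims = json.loads(b64d(payload))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict):
        return None
    current = time.time() if now is None else now
    return claims if claims.get("exp", 0) > current else None
```

A service holding OTHER_SECRET rejects every token issued under SHARED_SECRET, which is the failure a mismatched signing configuration between services would produce.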

Last modified June 16, 2026