What is Settings Management?

Note

Settings Management is available to Docker Business customers only.

Settings Management helps you control key Docker Desktop settings, like proxies and network configurations, on your developers' machines within your organization.

For an extra layer of security, you can also use Settings Management to enable and lock in Enhanced Container Isolation, which prevents containers from modifying any Settings Management configurations.

Who is it for?

  • For organizations that want to bring Docker Desktop configuration under their centralized control.
  • For organizations that want to create a standardized Docker Desktop environment at scale.
  • For Docker Business customers who want to confidently manage their use of Docker Desktop within tightly regulated environments.

How does it work?

You can configure several Docker Desktop settings using either:

  • An admin-settings.json file. This file is located on the Docker Desktop host and can only be accessed by developers with root or administrator privileges.
  • A settings policy created in the Docker Admin Console.

Settings that are defined by an administrator override any previous values set by developers and ensure that these cannot be modified.

What features can I configure with Settings Management?

Using the admin-settings.json file, you can:

  • Turn on and lock in Enhanced Container Isolation
  • Configure HTTP proxies
  • Configure network settings
  • Configure Kubernetes settings
  • Enforce the use of WSL 2 based engine or Hyper-V
  • Enforce the use of Rosetta for x86_64/amd64 emulation on Apple Silicon
  • Configure Docker Engine
  • Turn off Docker Desktop's ability to check for updates
  • Turn off Docker Extensions
  • Turn off Docker Scout SBOM indexing
  • Turn off beta and experimental features
  • Turn off Docker Desktop's onboarding survey
  • Control whether developers can use the Docker terminal
  • Control the file sharing implementation for your developers on macOS
  • Specify which paths your developers can add file shares to
  • Configure Air-gapped containers

For more details on the syntax and options, see Configure Settings Management.
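
The following is an added example, not part of Docker's documentation: a Python audit an administrator could run to confirm that a deployed admin-settings.json locks the settings the organization requires and, on POSIX hosts, that the file is root-owned and not writable by others. The key names and the `locked`/`value` layout in the constructed sample are assumptions to verify against Configure Settings Management.

```python
import json
import stat

# Constructed sample. Key names and the "locked" layout are assumptions;
# check them against "Configure Settings Management" before relying on them.
SAMPLE = """
{
  "configurationFileVersion": 2,
  "enhancedContainerIsolation": {"locked": true, "value": true},
  "proxy": {"locked": false, "mode": "manual", "http": "http://proxy.example.internal:3128"},
  "linuxVM": {"wslEngineEnabled": {"locked": true, "value": true}},
  "extensionsEnabled": {"locked": true, "value": false}
}
"""

def lock_states(node, prefix=""):
    """Map dotted setting path -> locked flag for every object carrying "locked"."""
    states = {}
    if isinstance(node, dict):
        if "locked" in node:
            states[prefix] = node["locked"] is True
        for key, child in node.items():
            states.update(lock_states(child, f"{prefix}.{key}" if prefix else key))
    return states

def audit_locks(config_text, must_be_locked):
    """Return findings for required settings that are absent or left editable."""
    states = lock_states(json.loads(config_text))
    findings = []
    for name in must_be_locked:
        if name not in states:
            findings.append(f"{name}: not defined in the file")
        elif not states[name]:
            findings.append(f"{name}: defined but not locked")
    return findings

def audit_file_mode(st_uid, st_mode):
    """POSIX check: the file must be root-owned and not group/world writable."""
    findings = []
    if st_uid != 0:
        findings.append(f"owner uid {st_uid} is not root")
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"mode {stat.S_IMODE(st_mode):o} is group/world writable")
    return findings

if __name__ == "__main__":
    policy = ["enhancedContainerIsolation", "proxy", "disableUpdate", "linuxVM.wslEngineEnabled"]
    for finding in audit_locks(SAMPLE, policy):
        print(finding)
    # On a real host: st = os.stat(path); audit_file_mode(st.st_uid, st.st_mode)
```
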

How do I set up and enforce Settings Management?

You first need to enforce sign-in to ensure that all Docker Desktop developers authenticate with your organization. The Settings Management feature requires a Docker Business subscription, so enforced sign-in guarantees that only authenticated users have access and that the feature consistently takes effect across all users. The feature may still work without enforced sign-in.

Next, you must either:

Once this is done, Docker Desktop developers receive the changed settings when they either:

  • Quit, re-launch, and sign in to Docker Desktop
  • Launch and sign in to Docker Desktop for the first time

To avoid disrupting your developers' workflows, Docker doesn't automatically require that developers re-launch and re-authenticate once a change has been made.

What do developers see when the settings are enforced?

Enforced settings appear grayed out in Docker Desktop. They can't be edited via the Docker Desktop Dashboard, CLI, or settings-store.json (or settings.json for Docker Desktop 4.34 and earlier).

In addition, if Enhanced Container Isolation is enforced, developers can't use privileged containers or similar techniques to modify enforced settings within the Docker Desktop Linux VM. For example, they can't reconfigure proxy and networking, or Docker Engine.

Proxy settings grayed out
