@@ -142,6 +142,20 @@ property is not set, the client falls back to the default table

 format. For a list of supported formatting directives, see

 [**Formatting** section in the `docker stats` documentation](stats.md)

+The property `credsStore` specifies an external binary to serve as the default

+credential store. When this property is set, `docker login` will attempt to

+store credentials in the binary specified by `docker-credential-<value>` which

+is visible on `$PATH`. If this property is not set, credentials will be stored

+in the `auths` property of the config. For more information, see the

+[**Credentials store** section in the `docker login` documentation](login.md#credentials-store)

+

+The property `credHelpers` specifies a set of credential helpers to use

+preferentially over `credsStore` or `auths` when storing and retrieving

+credentials for specific registries. If this property is set, the binary

+`docker-credential-<value>` will be used when storing or retrieving credentials

+for a specific registry. For more information, see the

+[**Credential helpers** section in the `docker login` documentation](login.md#credential-helpers)

+

 Once attached to a container, users detach from it and leave it running using

 the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable

 using the `detachKeys` property. Specify a `<sequence>` value for the

@@ -171,7 +185,12 @@ Following is a sample `config.json` file:

       "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}",

       "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}",

       "serviceInspectFormat": "pretty",

-      "detachKeys": "ctrl-e,e"

+      "detachKeys": "ctrl-e,e",

+      "credsStore": "secretservice",

+      "credHelpers": {

+        "awesomereg.example.org": "hip-star",

+        "unicorn.example.com": "vcbait"

+      }

     }

     {% endraw %}

@@ -63,7 +63,9 @@ you can download them from:

 ### Usage

 You need to specify the credentials store in `$HOME/.docker/config.json`

-to tell the docker engine to use it:

+to tell the docker engine to use it. The value of the config property should be

+the suffix of the program to use (i.e. everything after `docker-credential-`).

+For example, to use `docker-credential-osxkeychain`:

 ```json

 {

@@ -120,3 +122,31 @@ an example of that payload: `https://index.docker.io/v1`.

 The `erase` command can write error messages to `STDOUT` that the docker engine

 will show if there was an issue.

+

+## Credential helpers

+

+Credential helpers are similar to the credential store above, but act as the

+designated programs to handle credentials for *specific registries*. The default

+credential store (`credsStore` or the config file itself) will not be used for

+operations concerning credentials of the specified registries.

+

+### Usage

+

+If you are currently logged in, run `docker logout` to remove

+the credentials from the default store.

+

+Credential helpers are specified in a similar way to `credsStore`, but

+allow for multiple helpers to be configured at a time. Keys specify the

+registry domain, and values specify the suffix of the program to use

+(i.e. everything after `docker-credential-`).

+For example:

+

+```json

+{

+  "credHelpers": {

+    "registry.example.com": "registryhelper",

+    "awesomereg.example.org": "hip-star",

+    "unicorn.example.io": "vcbait"

+  }

+}

+```