Sonatype's Nexus is an artifact repository for a variety of formats (e.g., Maven, npm, Nuget, etc.), but I use it primarily for Docker. I cache all the images that I use¹ not only for speed but also to keep a copy that I can control the life of. Once it's set up, it usually enters into that "forget it" step. However for dumb-dumb reasons of my own doing, I needed to re-configure my install.

I ran into this last time, and I ran into it again this time. For a hot minute, I could not login to the repository from via docker login; I kept getting a 401 Unauthorized. From the last time I set it up, I remembered there was something completely unintuitive that I needed to do. I figured it out again, and it takes less than 30 seconds to fix. Why Sonatype doesn't set this up automatically when you add a Docker repo, I don't know.

Anyways, for both you and future!me:

You have to mark the Docker Bearer Token Realm as Active.

To do so,

1. Login as an administrator.
2. Click Settings, then expand the Security section. Click Realms.
3. Click the ➕ next to "Docker Bearer Token Realm". It should move to the "Active" column.
4. Click Save, then try to docker login again.

And that's it.

1. Maybe not all the images, but everything from Dockerhub (including, and especially, the library), ghcr.io, and lscr.io. ↩