---
title: Docker provider
description: Provides inventory information from Docker. Elastic Agent uses the Docker provider to automatically discover containers and build input configurations...
url: https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6573/reference/fleet/docker-provider
products:
  - Elastic Agent
  - Fleet
applies_to:
  - Elastic Cloud Serverless: Generally available
  - Elastic Stack: Generally available
---

# Docker provider
Provides inventory information from Docker. Elastic Agent uses the Docker provider to automatically discover containers and build input configurations. It is also responsible for enriching events with container metadata through the [`add_docker_metadata` processor](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6573/reference/fleet/add_docker_metadata-processor), which it applies by default to all inputs it generates.

## Provider configuration

```yaml
providers.docker:
  host: "unix:///var/run/docker.sock" 
  cleanup_timeout: 60s
  ssl:
    certificate_authority: "/etc/pki/root/ca.pem"
    certificate:           "/etc/pki/client/cert.pem"
    key:                   "/etc/pki/client/cert.key"
```

<definitions>
  <definition term="host">
    (Optional) Docker socket (UNIX or TCP socket). Defaults to `unix:///var/run/docker.sock`.
  </definition>
  <definition term="ssl">
    (Optional) SSL configuration for connecting to Docker over TLS. For available settings, refer to [SSL/TLS](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/6573/reference/fleet/elastic-agent-ssl-configuration).
  </definition>
  <definition term="cleanup_timeout">
    (Optional) Time of inactivity before container metadata is cleaned up. Defaults to `60s`.
  </definition>
</definitions>


## Available variables

The available dynamic variables are:

| Key                           | Type     | Description             |
|-------------------------------|----------|-------------------------|
| `docker.container.id`         | `string` | ID of the container     |
| `docker.container.name`       | `string` | Name of the container   |
| `docker.container.image.name` | `string` | Image of the container  |
| `docker.container.labels`     | `object` | Labels of the container |


### Working with labels

Label keys are available as variables using their original names, including dots. For example, for a container with the label `com.docker.compose.service=redis`, you can reference it as `${docker.container.labels.com.docker.compose.service}`.
However, when the Docker provider enriches events using the `add_docker_metadata` processor, dots in label keys are replaced with underscores by default (`labels.dedot: true`). This means that in the resulting Elasticsearch document, the same label is stored as `container.labels.com_docker_compose_service`.

| Context                                                     | Label key format                                                      |
|-------------------------------------------------------------|-----------------------------------------------------------------------|
| Variable reference in the configuration template (`${...}`) | Dots preserved — `docker.container.labels.com.docker.compose.service` |
| Field in the event/Elasticsearch document                   | Dots replaced by `_` — `container.labels.com_docker_compose_service`  |

For more details on the label behavior, refer to [Working with labels](/elastic/docs-content/pull/6573/reference/fleet/add_docker_metadata-processor#labels-dedot-behavior) in the `add_docker_metadata` processor documentation.
To set the container ID dynamically in the configuration, use a variable in the Elastic Agent policy to return container ID information from the provider:
```yaml
inputs:
  - id: 'docker-container-logs-${docker.container.id}'
    type: filestream
    paths:
      - '/var/lib/docker/containers/${docker.container.id}/*-json.log'
```

Sample of the policy generated by this configuration will look like:
```yaml
inputs:
  - id: docker-container-logs-b9b898d9c2a1126384d38e9f857b3985480cd05c8e74ffc8b628d92245f5a103
    streams:
      paths:
      - /var/lib/docker/containers/b9b898d9c2a1126384d38e9f857b3985480cd05c8e74ffc8b628d92245f5a103/*-json.log
    processors:
    - add_fields:
        fields:
          id: b9b898d9c2a1126384d38e9f857b3985480cd05c8e74ffc8b628d92245f5a103
          image: image-name:latest
          labels:
            key: value
          name: container-name
        target: container
  - id: docker-container-596bbd114498253985e6a5c4f0f7bf2d9eb8fcd4fe3e6cb53bdfba0cdc7036c8
    type: filestream
    streams:
      paths:
      - /var/lib/docker/containers/596bbd114498253985e6a5c4f0f7bf2d9eb8fcd4fe3e6cb53bdfba0cdc7036c8/*-json.log
    processors:
    - add_fields:
        fields:
          id: 596bbd114498253985e6a5c4f0f7bf2d9eb8fcd4fe3e6cb53bdfba0cdc7036c8
          image: other-image-name:latest
          labels:
            key: value
          name: other-container-name
        target: container
```

<note>
  Docker provider ensures that each docker container event is enriched with the container’s metadata, and hence the inputs will be populated with the `add_fields` processor which will be responsible for adding the proper container’s metadata.
</note>