diff --git a/molgenis-jenkins/README.md b/molgenis-jenkins/README.md
index dcb1a3c..0e18137 100644
--- a/molgenis-jenkins/README.md
+++ b/molgenis-jenkins/README.md
@@ -57,14 +57,15 @@ There is one additional group of configuration items specific for this chart, so
    Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
    in the slave pods.
 
-   | Parameter                          | Description                              | Default         |
-   | ---------------------------------- | ---------------------------------------- | --------------- |
-   | `PipelineSecrets.Env.Replace`      | Replace molgenis-pipeline-env secret     | `true`          |
-   | `PipelineSecrets.Env.PGPPassphrase`| passphrase for the pgp signing key       | `literal:xxxx`  |
-   | `PipelineSecrets.Env.CodecovToken` | token for codecov.io                     | `xxxx`          |
-   | `PipelineSecrets.Env.GitHubToken`  | token for GH molgenis-jenkins user       | `xxxx`          |
-   | `PipelineSecrets.Env.NexusPassword`| token for molgenis-jenkins user in NEXUS | `xxxx`          |
-   | `PipelineSecrets.Env.SonarToken`   | token for sonarcloud.io                  | `xxxx`          |                                                            |
+   | Parameter                              | Description                               | Default         |
+   | -------------------------------------- | ----------------------------------------- | --------------- |
+   | `PipelineSecrets.Env.Replace`          | Replace molgenis-pipeline-env secret      | `true`          |
+   | `PipelineSecrets.Env.PGPPassphrase`    | passphrase for the pgp signing key        | `literal:xxxx`  |
+   | `PipelineSecrets.Env.CodecovToken`     | token for codecov.io                      | `xxxx`          |
+   | `PipelineSecrets.Env.GitHubToken`      | token for GH molgenis-jenkins user        | `xxxx`          |
+   | `PipelineSecrets.Env.NexusPassword`    | token for molgenis-jenkins user in NEXUS  | `xxxx`          |
+   | `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx`          |
+   | `PipelineSecrets.Env.SonarToken`       | token for sonarcloud.io                   | `xxxx`          |                                                            |
 
 * File
 
@@ -88,5 +89,5 @@ For example,
 $ helm install --name jenkins -f values.yaml molgenis-jenkins
 ```
 
-> **Tip**: You can use the default [values.yaml](values.yaml) 
+> **Tip**: You can use the default [values.yaml](values.yaml)
 
diff --git a/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
new file mode 100644
index 0000000..5646e8b
--- /dev/null
+++ b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-dockerhub-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
+  }
+type: Opaque
+data:
+  username: {{ "molgenisci" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}
\ No newline at end of file
diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml
index 1d6e559..bd2e473 100644
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@@ -275,6 +275,8 @@ PipelineSecrets:
     SonarToken: xxxx
     # Password Local NEXUS
     NexusPassword: xxxx
+    # Password hub.docker.com
+    DockerHubPassword: xxxx
   File:
     # Set to false to keep existing secret
     Replace: true