diff --git a/molgenis-jenkins/README.md b/molgenis-jenkins/README.md
index 9fe7bd6..c4e134a 100644
--- a/molgenis-jenkins/README.md
+++ b/molgenis-jenkins/README.md
@@ -46,13 +46,15 @@ You can override the values at deploy time but otherwise also configure them
 Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
 in the slave pods.
 
-| Parameter                          | Description                          | Default         |
-| ---------------------------------- | ------------------------------------ | --------------- |
-| `PipelineSecrets.Env.Replace`      | Replace molgenis-pipeline-env secret | `true`          |
-| `PipelineSecrets.Env.PGPPassphrase`| passphrase for the pgp signing key   | `literal:xxxx`  |
-| `PipelineSecrets.Env.CodecovToken` | token for codecov.io                 | `xxxx`          |
-| `PipelineSecrets.Env.GitHubToken`  | token for GH molgenis-jenkins user   | `xxxx`          |
-| `PipelineSecrets.Env.SonarToken`   | token for sonarcloud.io              | `xxxx`          |                                                            |
+| Parameter                              | Description                               | Default         |
+| -------------------------------------- | ----------------------------------------- | --------------- |
+| `PipelineSecrets.Env.Replace`          | Replace molgenis-pipeline-env secret      | `true`          |
+| `PipelineSecrets.Env.PGPPassphrase`    | passphrase for the pgp signing key        | `literal:xxxx`  |
+| `PipelineSecrets.Env.CodecovToken`     | token for codecov.io                      | `xxxx`          |
+| `PipelineSecrets.Env.GitHubToken`      | token for GH molgenis-jenkins user        | `xxxx`          |
+| `PipelineSecrets.Env.NexusPassword`    | token for molgenis-jenkins user in NEXUS  | `xxxx`          |
+| `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx`          |
+| `PipelineSecrets.Env.SonarToken`       | token for sonarcloud.io                   | `xxxx`          |                                                            |
 
 ### File
 
diff --git a/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
new file mode 100644
index 0000000..5646e8b
--- /dev/null
+++ b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-dockerhub-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
+  }
+type: Opaque
+data:
+  username: {{ "molgenisci" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}
\ No newline at end of file
diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml
index 76e6db6..7b44096 100644
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@@ -269,6 +269,8 @@ PipelineSecrets:
     SonarToken: xxxx
     # Password Local NEXUS
     NexusPassword: xxxx
+    # Password hub.docker.com
+    DockerHubPassword: xxxx
   File:
     # Set to false to keep existing secret
     Replace: true