diff --git a/cli/config/configfile/file.go b/cli/config/configfile/file.go
index fab3ed4cba13..3dfae04818e6 100644
--- a/cli/config/configfile/file.go
+++ b/cli/config/configfile/file.go
@@ -290,6 +290,9 @@ func (configFile *ConfigFile) GetCredentialsStore(registryHostname string) crede
 	store := credentials.NewFileStore(configFile)
 
 	if helper := getConfiguredCredentialStore(configFile, registryHostname); helper != "" {
+		if helper == "filestore" {
+			return store
+		}
 		store = newNativeStore(configFile, helper)
 	}
 
diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md
index 95efbc9de245..2fd24c545a91 100644
--- a/docs/reference/commandline/login.md
+++ b/docs/reference/commandline/login.md
@@ -30,14 +30,15 @@ store](#credential-stores). If you use Docker Desktop, credentials are
 automatically saved to the native keychain of your operating system. If you're
 not using Docker Desktop, you can configure the credential store in the Docker
 configuration file, which is located at `$HOME/.docker/config.json` on Linux or
-`%USERPROFILE%/.docker/config.json` on Windows. If you don't configure a
-credential store, Docker stores credentials in the `config.json` file in a
-base64-encoded format. This method is less secure than configuring and using a
-credential store.
+`%USERPROFILE%/.docker/config.json` on Windows.
 
-`docker login` also supports [credential helpers](#credential-helpers) to help
+`docker login` supports [credential helpers](#credential-helpers) to help
 you handle credentials for specific registries.
 
+If you don't configure a credential store and no credential helper is available,
+Docker stores credentials in the `config.json` file in a base64-encoded format.
+This method is less secure than configuring and using a credential store.
+
 ### Authentication methods
 
 You can authenticate to a registry using a username and access token or
@@ -83,6 +84,9 @@ For example, to use `docker-credential-osxkeychain`:
 }
 ```
 
+The reserved value `filestore` can be used to store the base64-encoded
+credentials directly in the `config.json` configuration file.
+
 If you are currently logged in, run `docker logout` to remove
 the credentials from the file and run `docker login` again.
 
@@ -92,7 +96,7 @@ By default, Docker looks for the native binary on each of the platforms, i.e.
 `osxkeychain` on macOS, `wincred` on Windows, and `pass` on Linux. A special
 case is that on Linux, Docker will fall back to the `secretservice` binary if
 it cannot find the `pass` binary. If none of these binaries are present, it
-stores the base64-encoded credentials in the `config.json` configuration file.
+follows the `filestore` behavior described above.
 
 #### Credential helper protocol