Create Container Registry
Create a new container registry configuration to store credentials for accessing private Docker images.
Endpoint
POST /{companyId}/containerRegistryConfig
Authentication
Required: Yes (Session or Bearer Token with 2FA)
Request Body
{
"name": "My Azure Registry",
"url": "myregistry.azurecr.io",
"username": "myusername",
"password": "mypassword"
}
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Friendly name for the registry (for identification) |
url | string | Yes | Registry domain (e.g., ghcr.io, myregistry.azurecr.io) |
username | string | No* | Username for authentication (*required if using username/password auth) |
password | string | No* | Password or access token (*required if using username/password auth) |
token | string | No* | Bearer token for authentication (*alternative to username/password) |
isActive | boolean | No | Whether the registry is active (default: true) |
Note: You must provide either
username+passwordORtokenfor authentication.
Response
Success Response (201 Created)
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"companyIdRef": "770e8400-e29b-41d4-a716-446655440002",
"name": "My Azure Registry",
"url": "myregistry.azurecr.io",
"isActive": true,
"isDeleted": false,
"createdAt": "2024-11-26T10:00:00Z",
"modifiedBy": "user-123"
}
Security Note: The
dockerConfigfield containing credentials is not returned in responses for security reasons.
Error Responses
| Status Code | Description |
|---|---|
| 400 | Bad Request - Invalid registry configuration or validation failed |
| 401 | Unauthorized - Invalid or missing authentication |
| 409 | Conflict - Registry with this URL already exists |
| 500 | Internal Server Error |
Examples
Example 1: Azure Container Registry
curl -X POST "https://api.thevenin.cloud/{companyId}/containerRegistryConfig" \
-H "Authorization: Bearer tvn_your_api_token_here" \
-H "Content-Type: application/json" \
-d '{
"name": "Production ACR",
"url": "myprod.azurecr.io",
"username": "myprod",
"password": "access-token-12345"
}'
Example 2: GitHub Container Registry
# First, create a GitHub Personal Access Token with read:packages scope
curl -X POST "https://api.thevenin.cloud/{companyId}/containerRegistryConfig" \
-H "Authorization: Bearer tvn_your_api_token_here" \
-H "Content-Type: application/json" \
-d '{
"name": "GitHub Packages",
"url": "ghcr.io",
"username": "myusername",
"password": "ghp_MyPersonalAccessToken123"
}'
Example 3: Docker Hub Private
curl -X POST "https://api.thevenin.cloud/{companyId}/containerRegistryConfig" \
-H "Authorization: Bearer tvn_your_api_token_here" \
-H "Content-Type: application/json" \
-d '{
"name": "Docker Hub",
"url": "docker.io",
"username": "mydockerusername",
"password": "mydockerpassword"
}'
Example 4: Google Container Registry
curl -X POST "https://api.thevenin.cloud/{companyId}/containerRegistryConfig" \
-H "Authorization: Bearer tvn_your_api_token_here" \
-H "Content-Type: application/json" \
-d '{
"name": "GCR Production",
"url": "gcr.io",
"username": "_json_key",
"password": "{\"type\":\"service_account\",...}"
}'
Example 5: AWS ECR
# Note: ECR tokens expire after 12 hours, consider using AWS IAM roles instead
curl -X POST "https://api.thevenin.cloud/{companyId}/containerRegistryConfig" \
-H "Authorization: Bearer tvn_your_api_token_here" \
-H "Content-Type: application/json" \
-d '{
"name": "AWS ECR",
"url": "123456789012.dkr.ecr.us-east-1.amazonaws.com",
"username": "AWS",
"password": "eyJwYXlsb2FkIjoiZXhhbXBsZSJ9..."
}'
Notes
- Credential Storage: Credentials are stored as a base64-encoded Docker config JSON
- URL Format:
- ✅ Correct:
myregistry.azurecr.io,ghcr.io,docker.io - ❌ Incorrect:
https://myregistry.azurecr.io,myregistry.azurecr.io/
- ✅ Correct:
- Validation: It's recommended to validate credentials using the Validate Endpoint before creating
- Security: Use tokens with minimal required permissions (read-only for pulling images)
- Token Expiration: Some registries (like AWS ECR) have short-lived tokens - plan for credential rotation
Next Steps
After creating a registry:
- Optionally validate the credentials
- Use the registry ID when creating applications with private images
- Or when updating application images
Registry-Specific Guides
GitHub Container Registry (GHCR)
- Go to GitHub Settings → Developer settings → Personal access tokens
- Generate new token with
read:packagesscope - Use your GitHub username and the token as password
Azure Container Registry (ACR)
- Go to your ACR in Azure Portal
- Access keys → Enable Admin user
- Use the username and password shown
- Or create a service principal with
AcrPullrole
Google Container Registry (GCR)
- Create a service account in GCP
- Grant
Storage Object Viewerrole - Download JSON key
- Use
_json_keyas username and the entire JSON as password
AWS Elastic Container Registry (ECR)
- Get login token:
aws ecr get-login-password - Use
AWSas username and token as password - Note: Tokens expire after 12 hours