Container Registries

Container Registries allow you to securely store and manage credentials for private Docker container registries, enabling your applications to pull private images.

Overview

A Container Registry configuration stores authentication credentials for accessing private container images from registries like:

• Docker Hub (private repositories)
• GitHub Container Registry (GHCR)
• Azure Container Registry (ACR)
• Google Container Registry (GCR)
• Amazon Elastic Container Registry (ECR)
• GitLab Container Registry
• Harbor
• JFrog Artifactory
• Any Docker-compatible private registry

Key Features

• Secure Credential Storage: Credentials are stored securely and never exposed in API responses
• Reusable Configurations: One registry configuration can be used by multiple applications
• Automatic Authentication: System automatically uses registry credentials when pulling images
• Registry Validation: Validate registry credentials before saving
• Multi-Registry Support: Configure multiple registries for different image sources

Common Use Cases

1. Private Company Images

Store your company's proprietary application images in a private registry:

{
  "name": "Company ACR",
  "url": "mycompany.azurecr.io",
  "username": "mycompany",
  "password": "access-token-here"
}

2. GitHub Private Packages

Access private images from GitHub Container Registry:

{
  "name": "GitHub Packages",
  "url": "ghcr.io",
  "username": "github-username",
  "password": "ghp_personal_access_token"
}

3. Multiple Registries

Configure different registries for different environments or teams:

• Production images: prod.azurecr.io
• Staging images: staging.azurecr.io
• Development images: ghcr.io

Workflow

1. Create Container Registry: Add registry credentials via API or UI
2. Validate Credentials: Optionally validate that credentials work
3. Reference in Application: Use registry ID when creating/updating apps with private images
4. Automatic Authentication: System handles authentication automatically

Security Considerations

• Credentials are base64-encoded and stored securely
• Use service accounts or tokens with minimal required permissions
• Rotate credentials regularly
• Delete unused registry configurations
• Use read-only credentials when possible

Available Operations

• Create Container Registry
• List Container Registries
• Get Container Registry
• Update Container Registry
• Delete Container Registry
• Validate Container Registry

Related Documentation

• Create Application with Private Image
• Update Application Image
• Update Application