Registry Credentials
If your applications use private Docker images, you need to configure registry credentials so Reoclo can authenticate when pulling images during deployments.
Supported Registries
Section titled “Supported Registries”| Registry | Type | Default URL |
|---|---|---|
| Docker Hub | docker_hub | docker.io |
| GitHub Container Registry | ghcr | ghcr.io |
| AWS Elastic Container Registry | aws_ecr | (your ECR URL) |
| Google Artifact Registry | google_artifact_registry | (your GAR URL) |
| Azure Container Registry | azure_acr | (your ACR URL) |
| Harbor | harbor | (your Harbor URL) |
| Generic (any Docker v2 registry) | generic | (your registry URL) |
Adding Credentials
Section titled “Adding Credentials”- Navigate to Registry Credentials in the sidebar
- Click Add Credential
- Select the registry type
- Fill in the connection details:
- Name: descriptive label (e.g., “Production GHCR”)
- Registry URL: auto-filled for Docker Hub and GHCR, required for others
- Username: registry username or access key
- Password / Token: authentication secret (encrypted at rest)
- Click Test Connection to verify before saving
- Click Save
Provider-Specific Setup
Section titled “Provider-Specific Setup”Docker Hub: Use your Docker Hub username and a Personal Access Token (not your account password).
GitHub Container Registry (GHCR): Use your GitHub username and a Personal Access Token with read:packages scope.
AWS ECR: Use your AWS Access Key ID as username. For the credential, provide a JSON object:
{"aws_secret_access_key": "your-secret-key", "region": "us-east-1"}Google Artifact Registry: Use _json_key as the username and paste your full service account JSON key as the credential.
Using Credentials in Applications
Section titled “Using Credentials in Applications”When creating or configuring an application, select the registry credential in the build configuration. Reoclo will use it to authenticate with the registry when pulling base images or pushing built images.
Testing Credentials
Section titled “Testing Credentials”Before saving, use the Test Connection button to verify Reoclo can authenticate with the registry. The test will report success or failure with a latency measurement.
Credential Security
Section titled “Credential Security”- Passwords and tokens are encrypted at rest using AES-256-GCM envelope encryption
- Credentials are never exposed in the dashboard after creation
- Each credential is encrypted with its own unique key
- Credentials are only decrypted during deployment operations
Deleting Credentials
Section titled “Deleting Credentials”You can delete a credential only if no applications are using it. If applications reference the credential, you’ll need to update them to use a different credential (or none) before deleting.
Next Steps
Section titled “Next Steps”- Deployment Configuration to configure Docker builds
- Encryption to understand how credentials are protected