Authenticate with the container registry

To authenticate with the container registry, you can use a:

All of these authentication methods require the minimum scope:

  • For read (pull) access, to be read_registry.
  • For write (push) access, to be write_registry and read_registry.

To authenticate, run the docker login command. For example:

   docker login registry.example.com -u <username> -p <token>

Use GitLab CI/CD to authenticate

To use CI/CD to authenticate with the container registry, you can use:

  • The CI_REGISTRY_USER CI/CD variable.

    This variable has read-write access to the container registry and is valid for one job only. Its password is also automatically created and assigned to CI_REGISTRY_PASSWORD.

    docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    
  • A CI job token.

    docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
    
  • A deploy token with the minimum scope of:
    • For read (pull) access, read_registry.
    • For write (push) access, write_registry.
    docker login -u $CI_DEPLOY_USER -p $CI_DEPLOY_PASSWORD $CI_REGISTRY
    
  • A personal access token with the minimum scope of:
    • For read (pull) access, read_registry.
    • For write (push) access, write_registry.
    docker login -u <username> -p <access_token> $CI_REGISTRY