Authenticate with the container registry
To authenticate with the container registry, you can use a:
All of these authentication methods require the minimum scope:
- For read (pull) access, to be
read_registry
. - For write (push) access, to be
write_registry
andread_registry
.
To authenticate, run the docker login
command. For example:
docker login registry.example.com -u <username> -p <token>
Use GitLab CI/CD to authenticate
To use CI/CD to authenticate with the container registry, you can use:
-
The
CI_REGISTRY_USER
CI/CD variable.This variable has read-write access to the container registry and is valid for one job only. Its password is also automatically created and assigned to
CI_REGISTRY_PASSWORD
.docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-
A CI job token.
docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
- A deploy token with the minimum scope of:
- For read (pull) access,
read_registry
. - For write (push) access,
write_registry
.
docker login -u $CI_DEPLOY_USER -p $CI_DEPLOY_PASSWORD $CI_REGISTRY
- For read (pull) access,
- A personal access token with the minimum scope of:
- For read (pull) access,
read_registry
. - For write (push) access,
write_registry
.
docker login -u <username> -p <access_token> $CI_REGISTRY
- For read (pull) access,