Skip to content
Dockreg

Key management

Key Management

Section titled “Key Management”

Keys provide secure access to your Dockreg registries, enabling automation for pushing and pulling images without using your main account credentials. Note that full programmatic access via API is coming soon. Manage keys at the registry level through the Dockreg dashboard at https://dockreg.com/dashboard.

Generating API Keys

Section titled “Generating API Keys”
  1. Log in to your Dockreg account and navigate to the specific registry’s settings.
  2. In the sidebar, select API Keys.
  3. Click Generate New Key.
  4. Provide a descriptive name for the key (e.g., “CI/CD Pipeline”).
  5. Select the desired permissions: Read (for pulling images only) or Read/Write (for both pulling and pushing).
  6. Optionally, set an expiration date for added security.
  7. Click Generate. Copy the key immediately, as it will not be shown again.

Use this key with tools like Docker CLI for authentication, e.g., docker login -u <key> -p <key> myapp.registry.dockreg.com.

Permissions

Section titled “Permissions”

API keys support granular permissions to follow the principle of least privilege:

  • Read: Grants permission to pull (download) images from the registry. Ideal for build servers or deployment pipelines that only need to fetch images.
  • Read/Write: Grants full access to pull and push (upload) images. Use for development workflows where image uploads are required.

Permissions are scoped to the specific registry where the key is generated and cannot access other registries.

Revoking API Keys

Section titled “Revoking API Keys”

If a key is compromised or no longer needed:

  1. Go to the registry’s API Keys section in the dashboard.
  2. Locate the key by name.
  3. Click Revoke.
  4. Confirm the action.

Revocation is immediate, and the key can no longer authenticate any requests. Deleted keys cannot be recovered.

Best Practices for Security

Section titled “Best Practices for Security”
  • Rotate Regularly: Generate new keys periodically (e.g., every 90 days) and revoke old ones to minimize exposure risks.
  • Use Minimal Permissions: Assign read-only access wherever possible, especially in production environments or shared systems.
  • Secure Storage: Never hardcode API keys in source code or repositories. Store them in secure vaults like environment variables, AWS Secrets Manager, or GitHub Secrets.
  • Monitor Usage: Leverage Dockreg’s real-time monitoring to track API key activity. Set up alerts for unusual patterns, such as high-volume pushes from unexpected locations.
  • Expiration and Naming: Always set expiration dates on keys and use descriptive names to track their purpose and ownership.
  • Integrate with CI/CD: For automated workflows, use keys with Docker CLI in pipelines and avoid personal credentials.

For advanced features like key rotation automation or audit logs, upgrade to the Enterprise plan. Programmatic key management via API is coming soon.