
Authenticate with the container registry

Tier: Free, Premium, Ultimate
Offering: SaaS, self-managed

To authenticate with the container registry, you can use a:

All of these authentication methods require the minimum scope:

  • For read (pull) access, to be read_registry.
  • For write (push) access, to be write_registry and read_registry.

To authenticate, run the docker login command. For example:

TOKEN=<token>
docker login registry.example.com -u <username> --password-stdin <<<$TOKEN

Use GitLab CI/CD to authenticate

To use CI/CD to authenticate with the container registry, you can use:

  • The CI_REGISTRY_USER CI/CD variable.

    This variable holds a per-job user with read-write access to the container registry. Its password is also automatically created and available in CI_REGISTRY_PASSWORD.

    docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin <<<$CI_REGISTRY_PASSWORD
  • A CI job token.

    docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin <<<$CI_JOB_TOKEN
  • A deploy token with the minimum scope of:

    • For read (pull) access, read_registry.
    • For write (push) access, read_registry and write_registry.

    docker login $CI_REGISTRY -u $CI_DEPLOY_USER --password-stdin <<<$CI_DEPLOY_PASSWORD
  • A personal access token with the minimum scope of:

    • For read (pull) access, read_registry.
    • For write (push) access, read_registry and write_registry.

    docker login $CI_REGISTRY -u <username> -p <access_token>
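
An added example, not taken from the GitLab documentation: a POSIX sh helper for a job script that picks one of the CI/CD credential pairs listed above and passes the secret on stdin, so it stays out of argv and out of set -x traces. The helper names (select_registry_creds, registry_login, REG_*) and the preference order are assumptions of this example.

```shell
#!/bin/sh
# Added example, not GitLab's code. Uses only the CI/CD variables named above.

# Sets REG_USER, REG_PASS and REG_KIND; returns 1 when no usable pair is set.
# The preference order is this example's assumption: a deploy token can be
# scoped to read_registry only, while the per-job user is read-write.
select_registry_creds() {
  if [ -n "${CI_DEPLOY_USER:-}" ] && [ -n "${CI_DEPLOY_PASSWORD:-}" ]; then
    REG_KIND=deploy-token REG_USER=$CI_DEPLOY_USER REG_PASS=$CI_DEPLOY_PASSWORD
  elif [ -n "${CI_REGISTRY_USER:-}" ] && [ -n "${CI_REGISTRY_PASSWORD:-}" ]; then
    REG_KIND=job-user REG_USER=$CI_REGISTRY_USER REG_PASS=$CI_REGISTRY_PASSWORD
  elif [ -n "${CI_REGISTRY_USER:-}" ] && [ -n "${CI_JOB_TOKEN:-}" ]; then
    REG_KIND=job-token REG_USER=$CI_REGISTRY_USER REG_PASS=$CI_JOB_TOKEN
  else
    return 1
  fi
}

# Logs in to $CI_REGISTRY. Return codes: 2 = no registry host,
# 3 = no credentials, otherwise the exit status of docker login.
registry_login() {
  # If the job runs with `set -x`, pause tracing first: the tests and
  # assignments below would otherwise print the expanded secret to the log.
  case $- in *x*) _trace=1; set +x ;; *) _trace=0 ;; esac
  _rc=0
  if [ -z "${CI_REGISTRY:-}" ]; then
    echo "CI_REGISTRY is not set" >&2; _rc=2
  elif ! select_registry_creds; then
    echo "no registry credentials set" >&2; _rc=3
  else
    # The secret reaches docker on stdin, so it never appears in argv
    # (process listings) the way a -p argument would.
    printf '%s' "$REG_PASS" |
      docker login "$CI_REGISTRY" -u "$REG_USER" --password-stdin || _rc=$?
  fi
  unset REG_PASS
  if [ "$_trace" -eq 1 ]; then set -x; fi
  return "$_rc"
}
```

Call registry_login from the job's script before any docker push or pull.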