<!doctype html>
< html lang = "en" class = "no-js" >
< head >
< meta charset = "utf-8" >
< meta name = "viewport" content = "width=device-width,initial-scale=1" >
< meta http-equiv = "x-ua-compatible" content = "ie=edge" >
< link rel = "canonical" href = "http://containrrr.github.io/watchtower/private-registries/" >
< meta name = "lang:clipboard.copy" content = "Copy to clipboard" >
< meta name = "lang:clipboard.copied" content = "Copied to clipboard" >
< meta name = "lang:search.language" content = "en" >
< meta name = "lang:search.pipeline.stopwords" content = "True" >
< meta name = "lang:search.pipeline.trimmer" content = "True" >
< meta name = "lang:search.result.none" content = "No matching documents" >
< meta name = "lang:search.result.one" content = "1 matching document" >
< meta name = "lang:search.result.other" content = "# matching documents" >
< meta name = "lang:search.tokenizer" content = "[\s\-]+" >
< link rel = "shortcut icon" href = "../assets/images/favicon.png" >
< meta name = "generator" content = "mkdocs-1.1, mkdocs-material-4.6.3" >
< title > Private registries - Watchtower< / title >
< link rel = "stylesheet" href = "../assets/stylesheets/application.adb8469c.css" >
< script src = "../assets/javascripts/modernizr.86422ebf.js" > < / script >
< link href = "https://fonts.gstatic.com" rel = "preconnect" crossorigin >
< link rel = "stylesheet" href = "https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback" >
< style > body , input { font-family : "Roboto" , "Helvetica Neue" , Helvetica , Arial , sans-serif } code , kbd , pre { font-family : "Roboto Mono" , "Courier New" , Courier , monospace } < / style >
< link rel = "stylesheet" href = "../assets/fonts/material-icons.css" >
< / head >
< body dir = "ltr" >
< svg class = "md-svg" >
< defs >
< svg xmlns = "http://www.w3.org/2000/svg" width = "416" height = "448" viewBox = "0 0 416 448" id = "__github" > < path fill = "currentColor" d = "M160 304q0 10-3.125 20.5t-10.75 19T128 352t-18.125-8.5-10.75-19T96 304t3.125-20.5 10.75-19T128 256t18.125 8.5 10.75 19T160 304zm160 0q0 10-3.125 20.5t-10.75 19T288 352t-18.125-8.5-10.75-19T256 304t3.125-20.5 10.75-19T288 256t18.125 8.5 10.75 19T320 304zm40 0q0-30-17.25-51T296 232q-10.25 0-48.75 5.25Q229.5 240 208 240t-39.25-2.75Q130.75 232 120 232q-29.5 0-46.75 21T56 304q0 22 8 38.375t20.25 25.75 30.5 15 35 7.375 37.25 1.75h42q20.5 0 37.25-1.75t35-7.375 30.5-15 20.25-25.75T360 304zm56-44q0 51.75-15.25 82.75-9.5 19.25-26.375 33.25t-35.25 21.5-42.5 11.875-42.875 5.5T212 416q-19.5 0-35.5-.75t-36.875-3.125-38.125-7.5-34.25-12.875T37 371.5t-21.5-28.75Q0 312 0 260q0-59.25 34-99-6.75-20.5-6.75-42.5 0-29 12.75-54.5 27 0 47.5 9.875t47.25 30.875Q171.5 96 212 96q37 0 70 8 26.25-20.5 46.75-30.25T376 64q12.75 25.5 12.75 54.5 0 21.75-6.75 42 34 40 34 99.5z" / > < / svg >
< / defs >
< / svg >
< input class = "md-toggle" data-md-toggle = "drawer" type = "checkbox" id = "__drawer" autocomplete = "off" >
< input class = "md-toggle" data-md-toggle = "search" type = "checkbox" id = "__search" autocomplete = "off" >
< label class = "md-overlay" data-md-component = "overlay" for = "__drawer" > < / label >
< a href = "#create_the_configuration_file_manually" tabindex = "0" class = "md-skip" >
Skip to content
< / a >
< header class = "md-header" data-md-component = "header" >
< nav class = "md-header-nav md-grid" >
< div class = "md-flex" >
< div class = "md-flex__cell md-flex__cell--shrink" >
< a href = "http://containrrr.github.io/watchtower/" title = "Watchtower" aria-label = "Watchtower" class = "md-header-nav__button md-logo" >
< i class = "md-icon" > < / i >
< / a >
< / div >
< div class = "md-flex__cell md-flex__cell--shrink" >
< label class = "md-icon md-icon--menu md-header-nav__button" for = "__drawer" > < / label >
< / div >
< div class = "md-flex__cell md-flex__cell--stretch" >
< div class = "md-flex__ellipsis md-header-nav__title" data-md-component = "title" >
< span class = "md-header-nav__topic" >
Watchtower
< / span >
< span class = "md-header-nav__topic" >
Private registries
< / span >
< / div >
< / div >
< div class = "md-flex__cell md-flex__cell--shrink" >
< label class = "md-icon md-icon--search md-header-nav__button" for = "__search" > < / label >
< div class = "md-search" data-md-component = "search" role = "dialog" >
< label class = "md-search__overlay" for = "__search" > < / label >
< div class = "md-search__inner" role = "search" >
< form class = "md-search__form" name = "search" >
< input type = "text" class = "md-search__input" aria-label = "search" name = "query" placeholder = "Search" autocapitalize = "off" autocorrect = "off" autocomplete = "off" spellcheck = "false" data-md-component = "query" data-md-state = "active" >
< label class = "md-icon md-search__icon" for = "__search" > < / label >
< button type = "reset" class = "md-icon md-search__icon" data-md-component = "reset" tabindex = "-1" >

< / button >
< / form >
< div class = "md-search__output" >
< div class = "md-search__scrollwrap" data-md-scrollfix >
< div class = "md-search-result" data-md-component = "result" >
< div class = "md-search-result__meta" >
Type to start searching
< / div >
< ol class = "md-search-result__list" > < / ol >
< / div >
< / div >
< / div >
< / div >
< / div >
< / div >
< div class = "md-flex__cell md-flex__cell--shrink" >
< div class = "md-header-nav__source" >
< a href = "https://github.com/containrrr/watchtower/" title = "Go to repository" class = "md-source" data-md-source = "github" >
< div class = "md-source__icon" >
< svg viewBox = "0 0 24 24" width = "24" height = "24" >
< use xlink:href = "#__github" width = "24" height = "24" > < / use >
< / svg >
< / div >
< div class = "md-source__repository" >
GitHub
< / div >
< / a >
< / div >
< / div >
< / div >
< / nav >
< / header >
< div class = "md-container" >
< main class = "md-main" role = "main" >
< div class = "md-main__inner md-grid" data-md-component = "container" >
< div class = "md-sidebar md-sidebar--primary" data-md-component = "navigation" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--primary" data-md-level = "0" >
< label class = "md-nav__title md-nav__title--site" for = "__drawer" >
< a href = "http://containrrr.github.io/watchtower/" title = "Watchtower" class = "md-nav__button md-logo" >
< i class = "md-icon" > < / i >
< / a >
Watchtower
< / label >
< div class = "md-nav__source" >
< a href = "https://github.com/containrrr/watchtower/" title = "Go to repository" class = "md-source" data-md-source = "github" >
< div class = "md-source__icon" >
< svg viewBox = "0 0 24 24" width = "24" height = "24" >
< use xlink:href = "#__github" width = "24" height = "24" > < / use >
< / svg >
< / div >
< div class = "md-source__repository" >
GitHub
< / div >
< / a >
< / div >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = ".." title = "Home" class = "md-nav__link" >
Home
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../introduction/" title = "Introduction" class = "md-nav__link" >
Introduction
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../usage-overview/" title = "Usage overview" class = "md-nav__link" >
Usage overview
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../arguments/" title = "Arguments" class = "md-nav__link" >
Arguments
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../notifications/" title = "Notifications" class = "md-nav__link" >
Notifications
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../container-selection/" title = "Container selection" class = "md-nav__link" >
Container selection
< / a >
< / li >
< li class = "md-nav__item md-nav__item--active" >
< input class = "md-toggle md-nav__toggle" data-md-toggle = "toc" type = "checkbox" id = "__toc" >
< label class = "md-nav__link md-nav__link--active" for = "__toc" >
Private registries
< / label >
< a href = "./" title = "Private registries" class = "md-nav__link md-nav__link--active" >
Private registries
< / a >
< nav class = "md-nav md-nav--secondary" >
< label class = "md-nav__title" for = "__toc" > Table of contents< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "#create_the_configuration_file_manually" class = "md-nav__link" >
Create the configuration file manually
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#share_the_docker_configuration_file" class = "md-nav__link" >
Share the Docker configuration file
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#credential_helpers" class = "md-nav__link" >
Credential helpers
< / a >
< nav class = "md-nav" >
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
< a href = "#example" class = "md-nav__link" >
Example
< / a >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
< a href = "../linked-containers/" title = "Linked containers" class = "md-nav__link" >
Linked containers
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../remote-hosts/" title = "Remote hosts" class = "md-nav__link" >
Remote hosts
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../secure-connections/" title = "Secure connections" class = "md-nav__link" >
Secure connections
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../stop-signals/" title = "Stop signals" class = "md-nav__link" >
Stop signals
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "../lifecycle-hooks/" title = "Lifecycle hooks" class = "md-nav__link" >
Lifecycle hooks
< / a >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-sidebar md-sidebar--secondary" data-md-component = "toc" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--secondary" >
< label class = "md-nav__title" for = "__toc" > Table of contents< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
< a href = "#create_the_configuration_file_manually" class = "md-nav__link" >
Create the configuration file manually
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#share_the_docker_configuration_file" class = "md-nav__link" >
Share the Docker configuration file
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#credential_helpers" class = "md-nav__link" >
Credential helpers
< / a >
< nav class = "md-nav" >
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
< a href = "#example" class = "md-nav__link" >
Example
< / a >
< / li >
< / ul >
< / nav >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-content" >
< article class = "md-content__inner md-typeset" >
< a href = "https://github.com/containrrr/watchtower/edit/master/docs/private-registries.md" title = "Edit this page" class = "md-icon md-content__icon" >  < / a >
< h1 > Private registries< / h1 >
< p > Watchtower supports private Docker image registries. In many cases, accessing a private registry requires a valid username and password (i.e., < em > credentials< / em > ). In order to operate in such an environment, watchtower needs to know the credentials to access the registry. < / p >
< p > The credentials can be provided to watchtower in a configuration file called < code > config.json< / code > . There are two ways to generate this configuration file:< / p >
< ul >
< li > The configuration file can be created manually.< / li >
< li > Call < code > docker login < REGISTRY_NAME> < / code > and share the resulting configuration file.< / li >
< / ul >
< h3 id = "create_the_configuration_file_manually" > Create the configuration file manually< a class = "headerlink" href = "#create_the_configuration_file_manually" title = "Permanent link" > ¶ < / a > < / h3 >
< p > Create a new configuration file with the following syntax and a base64 encoded username and password < code > auth< / code > string:< / p >
< pre > < code class = "json" > {
" auths" : {
" < REGISTRY_NAME> " : {
" auth" : " XXXXXXX"
}
}
}
< / code > < / pre >
< p > < code > < REGISTRY_NAME> < / code > needs to be replaced by the name of your private registry (e.g., < code > my-private-registry.example.org< / code > )< / p >
< p > The required < code > auth< / code > string can be generated as follows:< / p >
< pre > < code class = "bash" > echo -n 'username:password' | base64
< / code > < / pre >
< p > When the watchtower Docker container is started, the created configuration file (< code > < PATH> /config.json< / code > in this example) needs to be passed to the container:< / p >
< pre > < code class = "bash" > docker run [...] -v < PATH> /config.json:/config.json containrrr/watchtower
< / code > < / pre >
< h3 id = "share_the_docker_configuration_file" > Share the Docker configuration file< a class = "headerlink" href = "#share_the_docker_configuration_file" title = "Permanent link" > ¶ < / a > < / h3 >
< p > To pull an image from a private registry, < code > docker login< / code > needs to be called first, to get access to the registry. The provided credentials are stored in a configuration file called < code > < PATH_TO_HOME_DIR> /.docker/config.json< / code > . This configuration file can be directly used by watchtower. In this case, the creation of an additional configuration file is not necessary.< / p >
< p > When the Docker container is started, pass the configuration file to watchtower:< / p >
< pre > < code class = "bash" > docker run [...] -v < PATH_TO_HOME_DIR> /.docker/config.json:/config.json containrrr/watchtower
< / code > < / pre >
< p > When creating the watchtower container via docker-compose, use the following lines:< / p >
< pre > < code class = "yaml" > version: " 3"
[...]
watchtower:
image: index.docker.io/containrrr/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- < PATH_TO_HOME_DIR> /.docker/config.json:/config.json
[...]
< / code > < / pre >
< h2 id = "credential_helpers" > Credential helpers< a class = "headerlink" href = "#credential_helpers" title = "Permanent link" > ¶ < / a > < / h2 >
< p > Some private Docker registries (the most prominent probably being AWS ECR) use non-standard ways of authentication.
To be able to use this together with watchtower, we need to use a credential helper.< / p >
< p > To keep the image size small we've decided to not include any helpers in the watchtower image, instead we'll put the
helper in a separate container and mount it using volumes.< / p >
< h3 id = "example" > Example< a class = "headerlink" href = "#example" title = "Permanent link" > ¶ < / a > < / h3 >
< p > Example implementation for use with < a href = "https://github.com/awslabs/amazon-ecr-credential-helper" > amazon-ecr-credential-helper< / a > :< / p >
< pre > < code class = "Dockerfile" > FROM golang:latest
ENV CGO_ENABLED 0
ENV REPO github.com/awslabs/amazon-ecr-credential-helper/ecr-login/cli/docker-credential-ecr-login
RUN go get -u $REPO
RUN rm /go/bin/docker-credential-ecr-login
RUN go build \
-o /go/bin/docker-credential-ecr-login \
/go/src/$REPO
WORKDIR /go/bin/
< / code > < / pre >
< p > and the docker-compose definition:< / p >
< pre > < code class = "yaml" > version: " 3"
services:
watchtower:
image: index.docker.io/containrrr/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- < PATH_TO_HOME_DIR> /.docker/config.json:/config.json
- helper:/go/bin
environment:
- HOME=/
- PATH=$PATH:/go/bin
- AWS_REGION=< AWS_REGION>
- AWS_ACCESS_KEY_ID=< AWS_ACCESS_KEY>
- AWS_SECRET_ACCESS_KEY=< AWS_SECRET_ACCESS_KEY>
volumes:
helper: {}
< / code > < / pre >
< p > and for < code > < PATH_TO_HOME_DIR> /.docker/config.json< / code > :< / p >
< pre > < code class = "json" > {
" HttpHeaders" : {
" User-Agent" : " Docker-Client/19.03.1 (XXXXXX)"
},
" credsStore" : " osxkeychain" ,
" auths" : {
" xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : {},
" https://index.docker.io/v1/" : {}
},
" credHelpers" : {
" xyzxyzxyz.dkr.ecr.eu-north-1.amazonaws.com" : " ecr-login" ,
" index.docker.io" : " osxkeychain"
}
}
< / code > < / pre >
< p > < em > Note:< / em > < code > osxkeychain< / code > can be changed to your prefered credentials helper.< / p >
< / article >
< / div >
< / div >
< / main >
< footer class = "md-footer" >
< div class = "md-footer-nav" >
< nav class = "md-footer-nav__inner md-grid" >
< a href = "../container-selection/" title = "Container selection" class = "md-flex md-footer-nav__link md-footer-nav__link--prev" rel = "prev" >
< div class = "md-flex__cell md-flex__cell--shrink" >
< i class = "md-icon md-icon--arrow-back md-footer-nav__button" > < / i >
< / div >
< div class = "md-flex__cell md-flex__cell--stretch md-footer-nav__title" >
< span class = "md-flex__ellipsis" >
< span class = "md-footer-nav__direction" >
Previous
< / span >
Container selection
< / span >
< / div >
< / a >
< a href = "../linked-containers/" title = "Linked containers" class = "md-flex md-footer-nav__link md-footer-nav__link--next" rel = "next" >
< div class = "md-flex__cell md-flex__cell--stretch md-footer-nav__title" >
< span class = "md-flex__ellipsis" >
< span class = "md-footer-nav__direction" >
Next
< / span >
Linked containers
< / span >
< / div >
< div class = "md-flex__cell md-flex__cell--shrink" >
< i class = "md-icon md-icon--arrow-forward md-footer-nav__button" > < / i >
< / div >
< / a >
< / nav >
< / div >
< div class = "md-footer-meta md-typeset" >
< div class = "md-footer-meta__inner md-grid" >
< div class = "md-footer-copyright" >
powered by
< a href = "https://www.mkdocs.org" target = "_blank" rel = "noopener" > MkDocs< / a >
and
< a href = "https://squidfunk.github.io/mkdocs-material/" target = "_blank" rel = "noopener" >
Material for MkDocs< / a >
< / div >
< / div >
< / div >
< / footer >
< / div >
< script src = "../assets/javascripts/application.c33a9706.js" > < / script >
< script > app . initialize ( { version : "1.1" , url : { base : ".." } } ) < / script >
< / body >
< / html >
