Sysdig Documentation

Manage Registry Credentials

Registry credentials are required for Sysdig Secure to pull and analyze images. Each of the registry types has unique input fields for the credentials required (e.g., username/password for docker.io; JSON key for Google Container Registry).

Add a New Registry

  1. From the Image Scanning module, select Registry Credentials.

  2. Click Add Registry.

    The New Registry page is displayed.

  3. Enter the Path to the registry. E.g. docker.io.

  4. Select the registry Type from the drop-down menu.

  5. Configure the registry-specific credentials (based on the Type chosen):

    1. Docker V2: There are many Docker V2 registries, and the credential requirements may differ.

      For example, for Azure Container Registry:

      1. Admin Account

        Username: The username value from the 'az acr credential show --name <registry name>' command result

        Password: The password or password2 value from the 'az acr credential show' command result

      2. Service Principal

        Username: The service principal app id

        Password: The service principal password

    2. AWS ECR:

      1. AWS access key

      2. AWS secret key

    3. Google Container Registry:

      1. JSON Key

  6. (Primarily for OpenShift clusters): Add an internal registry address.

    The recommended way to run an image registry for an OpenShift cluster is to run it locally. The Sysdig agent will detect the internal registry names, but for the Anchore engine to pull and scan the image, it needs access to the internal registry itself.

    Example:

    External name: mytestregistry.example.com

    Internal name: docker-registry.default.svc:5000

    Note

    Sysdig maps the internal registry name to the external registry name, so the Runtime and Repository lists will show only the external names.

  7. Optional: Toggle the switch to Allow Self-Signed certificates.

    By default, the UI will only pull images from a TLS/SSL-enabled registry.

    Toggle Allow Self-Signed to instruct the UI not to validate the certificate (if the registry is protected with a self-signed certificate or a cert from an unknown certificate authority).

  8. Optional: Toggle the Test Credentials switch to validate your entries.

    When enabled, Sysdig will attempt to pull the image using the entered credentials. If it succeeds, the registry will be saved. If it fails, you will receive an error and can correct the credentials or image details.

    If enabled, enter the test registry path in the format:

    registry/repo:tag

    E.g. quay.io/sysdig/agent:0.89

  9. Click Save.
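
The registry/repo:tag test path from step 8 is easy to get wrong when the registry address carries a port, as the internal OpenShift name in step 6 does. The following is an added example, not Sysdig code: a Python pre-check that splits a test path into its parts before it is entered. The function names and the grammar (taken from common Docker image-reference conventions) are assumptions, and every sample path except quay.io/sysdig/agent:0.89 is constructed.

```python
import re

# Grammar assumed from common Docker image-reference conventions (not Sysdig's own rules).
_HOST = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::\d{1,5})?$")
_SEG = r"[a-z0-9]+(?:(?:[._]|__|-+)[a-z0-9]+)*"
_REPO = re.compile(r"^%s(?:/%s)*$" % (_SEG, _SEG))
_TAG = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$")


def parse_test_path(path):
    """Split 'registry/repo:tag' into (registry, repo, tag); raise ValueError if malformed."""
    path = path.strip()
    if "://" in path:
        raise ValueError("remove the URL scheme; expected registry/repo:tag")
    registry, slash, remainder = path.partition("/")
    if not slash or not remainder:
        raise ValueError("missing repo; expected registry/repo:tag")
    # Without a dot, a port, or 'localhost', the first component is a repo
    # namespace (e.g. 'sysdig'), which means the registry was left out.
    if not ("." in registry or ":" in registry or registry == "localhost"):
        raise ValueError("no registry host before the first '/': %r" % registry)
    if not _HOST.match(registry):
        raise ValueError("malformed registry host: %r" % registry)
    # Only the remainder is searched for the tag separator, so a registry
    # port such as ':5000' is never mistaken for a tag.
    repo, colon, tag = remainder.rpartition(":")
    if not colon:
        raise ValueError("missing tag; expected registry/repo:tag")
    if not _REPO.match(repo):
        raise ValueError("malformed repo: %r" % repo)
    if not _TAG.match(tag):
        raise ValueError("malformed tag: %r" % tag)
    return registry, repo, tag


def is_valid_test_path(path):
    try:
        parse_test_path(path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Sample paths: the first is from the page; the rest are constructed.
    for p in ("quay.io/sysdig/agent:0.89",
              "docker-registry.default.svc:5000/myproject/app:1.0",
              "docker-registry.default.svc:5000/myproject/app", "sysdig/agent:0.89"):
        print(p, "->", parse_test_path(p) if is_valid_test_path(p) else "rejected")
```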

Edit a Registry

  1. From the Image Scanning module, select Registry Credentials.

  2. Select an existing registry to open the Edit window.

  3. Update the parameters as necessary and click Save.

    Note

    The registry Type cannot be edited.

Delete a Registry

  1. From the Image Scanning module, select Registry Credentials.

  2. Select the existing registry to open the Edit window.

  3. Click Delete Registry and click Yes to confirm the change.

Next Steps

When at least one registry has been added successfully, it is possible to scan images and review scan results, taking advantage of the Default scanning policy provided.