Manage Registry Credentials
Registry credentials are required for Sysdig Secure to pull and analyze images. Each registry type has its own input fields for the credentials required (e.g., username/password for docker.io; JSON key for Google Container Registry).
Add a New Registry
From the Image Scanning module, select Registry Credentials.
Click Add Registry.
The New Registry page is displayed.
Enter the Path to the registry, e.g. docker.io.
Select the registry Type from the drop-down menu.
Configure the registry-specific credentials (based on the Type chosen):
Docker V2: There are many Docker V2 registries, and the credential requirements may differ. For example, for Azure Container Registry:
  Admin Account
    Username: the username in the 'az acr credential show --name <registry name>' command result
    Password: the password or password2 value from the 'az acr credential show' command result
  Service Principal
    Username: the service principal app ID
    Password: the service principal password
AWS ECR:
  AWS access key
  AWS secret key
Google Container Registry:
  JSON Key
(Primarily for OpenShift clusters): Add an internal registry address.
The recommended way to run an image registry for an OpenShift cluster is to run it locally. The Sysdig agent will detect the internal registry names, but for the Anchore engine to pull and scan the image it needs access to the internal registry itself.
Example:
External name: mytestregistry.example.com
Internal name: docker-registry.default.svc:5000
Note
Sysdig maps the internal registry name to the external registry name, so the Runtime and Repository lists will show only the external names.
Optional: Toggle the switch to Allow Self-Signed certificates.
By default, the UI will only pull images from a TLS/SSL-enabled registry. Toggle Allow Self-Signed to instruct the UI not to validate the certificate (if the registry is protected with a self-signed certificate or a cert from an unknown certificate authority). With validation disabled, the identity of the registry is not verified.
Optional: Toggle the Test Credentials switch to validate your entries.
When enabled, Sysdig will attempt to pull the image using the entered credentials. If it succeeds, the registry will be saved. If it fails, you will receive an error and can correct the credentials or image details.
If enabled, enter the test registry path in the format registry/repo:tag, e.g. quay.io/sysdig/agent:0.89.
Click Save.
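The test registry path format (registry/repo:tag) and the internal-to-external name mapping described above can be checked before the values are typed into the form. The following is an added example, not Sysdig code: the function names and the mapping table are hypothetical, and the sample paths are constructed from the names used on this page. It shows why the tag must be split off after the registry part, since an internal registry name such as docker-registry.default.svc:5000 already contains a colon.

```python
import re

# Constructed mapping, using the example names from this page.
INTERNAL_TO_EXTERNAL = {
    "docker-registry.default.svc:5000": "mytestregistry.example.com",
}

# Docker tag grammar: up to 128 characters, no leading '.' or '-'.
TAG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}")


def parse_test_path(path):
    """Split 'registry/repo:tag' into (registry, repo, tag) or raise ValueError."""
    if "://" in path:
        raise ValueError("give a registry path, not a URL")
    # Everything before the first '/' is the registry, including any ':port'.
    registry, slash, rest = path.partition("/")
    if not slash or not registry or not rest:
        raise ValueError("expected registry/repo:tag")
    if "@" in rest:
        raise ValueError("digest references do not match registry/repo:tag")
    # Only a ':' after the registry part can introduce the tag.
    repo, colon, tag = rest.rpartition(":")
    if not colon or not repo:
        raise ValueError("tag is missing")
    if not TAG_RE.fullmatch(tag):
        raise ValueError("invalid tag: %r" % tag)
    return registry, repo, tag


def external_path(path, mapping=INTERNAL_TO_EXTERNAL):
    """Rewrite an internal registry name to its external name, if mapped."""
    registry, repo, tag = parse_test_path(path)
    return "%s/%s:%s" % (mapping.get(registry, registry), repo, tag)


if __name__ == "__main__":
    # Constructed sample paths; the last one has a port but no tag.
    for sample in ("quay.io/sysdig/agent:0.89",
                   "docker-registry.default.svc:5000/team/app:1.2",
                   "docker-registry.default.svc:5000/team/app"):
        try:
            print(sample, "->", external_path(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```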
Edit a Registry
From the Image Scanning module, select Registry Credentials.
Select an existing registry to open the Edit window.
Update the parameters as necessary and click Save.
Note
The registry Type cannot be edited.
Delete a Registry
From the Image Scanning module, select Registry Credentials.
Select the existing registry to open the Edit window.
Click Delete Registry and click Yes to confirm the change.
Next Steps
When at least one registry has been added successfully, it is possible to scan images and review scan results, taking advantage of the Default scanning policy provided.