Skip to content
SimpleDeploy
Blog

Private registries

Add credentials so SimpleDeploy can pull private images. Credentials are encrypted with AES-256-GCM derived from master_secret before being stored.

GitHub Container Registry (ghcr.io)

Section titled “GitHub Container Registry (ghcr.io)”

Create a Personal Access Token with the read:packages scope, then:

Terminal window
simpledeploy registry add \
  --name ghcr \
  --url ghcr.io \
  --username my-github-user \
  --password $(cat ~/.ghcr-token)

Docker Hub

Section titled “Docker Hub”

Create a Hub Access Token (Account Settings, Security). Username is your Hub username.

Terminal window
simpledeploy registry add \
  --name dockerhub \
  --url docker.io \
  --username my-hub-user \
  --password dckr_pat_xxxxx

ECR / ACR / GCR / self-hosted

Section titled “ECR / ACR / GCR / self-hosted”

Same shape, swap the URL.

Terminal window
# AWS ECR (use an IAM user with ecr:GetAuthorizationToken or rotate via cron)
simpledeploy registry add \
  --name my-ecr \
  --url 123456.dkr.ecr.us-east-1.amazonaws.com \
  --username AWS \
  --password "$(aws ecr get-login-password --region us-east-1)"


# Azure Container Registry
simpledeploy registry add --name acr --url myreg.azurecr.io --username myreg --password $ACR_PASSWORD


# Self-hosted Harbor / Gitea
simpledeploy registry add --name harbor --url registry.example.com --username robot$ci --password $HARBOR_TOKEN

Tell apps which registries to use

Section titled “Tell apps which registries to use”

Set globally in config.yaml:

registries:
  - ghcr
  - dockerhub

Or per-app via compose label (overrides the global list):

services:
  web:
    image: ghcr.io/myorg/myapp:latest
    labels:
      simpledeploy.endpoints.0.domain: "myapp.example.com"
      simpledeploy.endpoints.0.port: "3000"
      simpledeploy.registries: "ghcr"

Use the special value none to disable all registries (including global) for an app that pulls only public images.

See also: Compose labels, CLI reference.