Manage Registry Credentials

Drone provides the ability to store registry credentials. These credentials can be used to pull private pipeline images defined in your Yaml configuration file.

Image Caching Behavior

All images (including private images) are pulled and cached by the Docker daemon. Neither Docker nor Drone restrict the use of cached images. An image already in the local cache can be used by any pipeline.

It is possible for one repository to have credentials and pull a private image that is cached by Docker, and used by another repository that does not have registry credentials configured.

Keep this in mind when running Drone and jobs in a shared or public environment.

Configuration

Example configuration using a private image:

pipeline:
  build:
+   image: gcr.io/custom/golang
    commands:
      - go build
      - go test

Registries are added to your repository using the command line utility:

drone registry add \
  --repository <repository> \
  --hostname <image> \
  --username <name> \
  --password <value>

Example command:

drone registry add \
  --repository octocat/hello-world \
  --hostname gcr.io \
  --username <name> \
  --password <value>

Example commands loads the password from file:

drone registry add \
  --repository octocat/hello-world \
  --hostname gcr.io \
  --username _json_key \
  --password @/absolute/path/to/keyfile.json

Please note that in the above examples the --repository flag should be set to your version control repository name (e.g. your github repository name).

Matching

Drone matches the registry hostname to each image in your yaml. If the hostnames match, the registry credentials are used to authenticate to your registry and pull the image. Note that registry credentials are used by the Drone agent and are never exposed to your build containers.

Example registry hostnames:

Example registry hostname matching logic:

Questions?

We are always happy to help with questions you might have. Search our documentation or check out answers to common questions. You can also post questions or comments to our community forum.