Tokens manage access to your Container Registry effectively and efficiently. Tokens serve as secure authentication methods, eliminating the need for personal credentials to be used during Continuous Integration and Continuous Deployment (CI/CD) processes. Personal credential management can become cumbersome and impractical as your services and deployments expand. Tokens provide a scalable solution for access control.
In order to minimize the permissions given to each token, you can also use:
Scopes to limit token access as narrowly as possible to specific resources and the actions it is permitted to perform on those resources to enhance security during artifact deployment. Each token can link to an individual or service, simplifying the audit process and strengthening the ability to monitor registry activity.
Expiration dates to ensure that the permissions of tokens can be automatically revoked after a period of time.
Distinct tokens for each environment to ensure access appropriately aligns with each environment's requirements and your security policies.
1. In the DCD, go to Menu > Containers > Container Registry.
2. In the Container Registry Manager, select the Container Registry that you want to configure.
3. Click Add Token in the Tokens tab to create a new Token
4. Provide the following details:
Name: Enter a Name for the token. It is a user-visible name making it simple to recognize the token.
Notes:
It is not possible to change the token name later.
The registry name:
must contain only alphanumeric characters and dashes.
must be between 3 and 63 characters in length.
must begin with an character between a-z.
must end with an alphanumeric character.
Status: Turn on the toggle button to enable the status. The token can be disabled later.
Expiry Date: Select Expire on (minimum 1 hour) to enter an expiry date. Otherwise, select No expiry.
Note: The Expiry Date must be at least one hour in the future. When the Expiry Date is reached, the token is deleted, it is not disabled.
Scopes: Define all actions the token has permission to perform and on which repositories. Provide the following details:
Type: Select either of the following types:
Registry: Select it to create a token to get the list of repositories in the registry.
Repository: Select it to manage the contents of the repository(s).
Path: Enter the names of repositories to which the token will have access. *
can be used as a wildcard. *
will provide access to all repositories.
Action: Select the one or more of the following Action(s) for the token:
Admin: Select Admin if you want to allow the token to delete artifacts from the repository.
Push: Select Push if you want the token to push new artifacts to the repository. When choosing Push, you must also set the Pull action for the token.
Pull: Select Pull if you want this token to be able to pull artifacts from the repository.
Note: You can set a single scope when you add a token; however, further scopes can be added later at any time. For more information, see Adding scopes to a token.
5. Click Add Token.
Result: You will get the Docker Login command using the newly created token along with all the details of the newly created credential.
Note: You will only have access to this token's password at this time. We recommend that you save the token safely and securely because the password cannot be recovered.
1. In the DCD, go to Menu > Containers > Container Registry.
2. In the Container Registry Manager, select the Container Registry that you want to configure.
3. Select the Tokens tab.
4. Identify the token you want to edit and click on the ⋮ on the right side of the table and select Edit.
5. Provide the updated information for the following fields:
Status
Expiry Date (if required)
6. Click Save
1. In the DCD, go to Menu > Containers > Container Registry.
2. In the Container Registry Manager, select the Container Registry that you want to configure.
3. Navigate to the Tokens section.
4. Identify the token you want to edit and click on the ⋮ on the right side of the table and select the Manage Scope option from the drop-down list.
5. Complete the following fields:
Type Select either of the following types:
Registry: Select it to create a token to get the list of repositories in the registry.
Repository: Select it to manage the contents of the repository(s).
Path: Enter the names of repositories to which the token will have access. *
can be used as a wildcard. *
will provide access to all repositories.
Action: Select the one or more of the following Action(s) for the token:
Admin: Select Admin if you want to allow the token to delete artifacts from the repository.
Push: Select Push if you want the token to push new artifacts to the repository. When choosing Push, you must also set the Pull action for the token.
Pull: Select Pull if you want this token to be able to pull artifacts from the repository.
6. Click Add Scope.
7. Repeat steps 5 and 6 for additional scopes.
8. Click X to close the window.
1. In the DCD, go to Menu > Containers > Container Registry.
2. In the Container Registry Manager, select the Container Registry that you want to configure.
3. Select the Tokens tab.
4. Identify the token you want to edit and click on the elipses on the right side of the table and select Manage Scope.
5. Identify the scope that is not required and click x Remove or used x Remove all.
6. Click X to close the window.
1. In the DCD, go to Menu > Containers > Container Registry.
2. In the Container Registry Manager, select the Container Registry from which you want to delete the token.
3. Select the Tokens tab.
4. Identify the token you want to delete and click on the elipses on the right side of the table and select x Delete.
5. Review and confirm that you wish to delete the token. This action is irreversible.