The Anchore Engine will attempt to download images from any registry without requiring further configuration. However if your registry requires authentication then the registry and corresponding credentials will need to be defined.
Running the following command lists the defined registries.
$ anchore-cli registry list Registry User docker.io anchore quay.io anchore registry.example.com johndoe 192.168.1.200:5000 janedoe
Here we can see that 4 registries have been defined. If no registry was defined then the Anchore Engine would attempt to pull images without authentication but a registry is defined then all pulls for images from that registry will use the specified username and password.
Adding a Registry
Registries can be added using the following syntax.
anchore-cli registry add REGISTRY USERNAME PASSWORD
The REGISTRY parameter should include the fully qualified hostname and port number of the registry. For example: registry.anchore.com:5000
Anchore Engine will only pull images from a TLS/SSL enabled registry. If the registry is protected with a self signed certificate or a certificated signed by an unknown certificate authority then the
--insecure parameter can be passed which instructs the Anchore Engine not to validate the certificate.
Most Docker V2 compatible registries require username and password for authentication. Amazon ECR, Google GCR and Microsoft Azure include support for their own native credentialing. See Working with AWS ECR Registry Credentials, Working with Google GCR Registry Credentials and Working with Azure Registry Credentials for more details.
Getting Registry Details
The registry get command allows the user to retrieve details about a specific registry.
$ anchore-cli registry get registry.example.com Registry: registry.example.com User: johndoe Verify TLS: False Created: 2017-09-02T18:25:34 Updated: 2017-09-02T18:25:34
In this example we can see that the registry.example.com registry was added to the Anchore Engine on the 2nd September at 18:25 UTC. This registry. The password for the registry cannot be retrieved through the API or CLI.
Updating Registry Details
Once a registry had been defined the parameters can be updated using the update command. This allows a registry’s username, password and insecure (validate TLS) parameters to be updated.
anchore-cli registry update REGISTRY USERNAME PASSWORD [--insecure]
A Registry can be deleted from Anchore’s configuration using the
For example to delete the configuration for registry.example.com the following command should be issued:
anchore-cli registry delete registry.example.com
Note: Deleting a registry record does not delete the records of images/tags associated with that registry.
Anchore engine attempts to perform a credential validation upon registry addition, but there are cases where a credential can be valid but the validation routine can fail (in particular, credential validation methods are changing for public registries over time). If you are unable to add a registry but believe that the credential you are providing is valid, or you wish to add a credential to anchore before it is in place in the registry, you can bypass the registry credential validation process using the
--skip-validation option to the
registry add command.