Private Registries¶

Updock can pull images from private registries by sharing Docker credentials from the host or using credential helpers.

The simplest method is to mount the host's Docker config file into the Updock container:

docker run -d \
  --name updock \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v ~/.docker/config.json:/config.json:ro \
  -e UPDOCK_DOCKER_CONFIG=/config.json \
  updock/updock

Tip

Mount the config as read-only (:ro) since Updock only needs to read credentials, never write them.

If you run docker login on the host, credentials are stored in ~/.docker/config.json. You can share this file directly:

services:
  updock:
    image: ghcr.io/huseyinbabal/updock:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/deploy/.docker/config.json:/config.json:ro
    environment:
      - UPDOCK_DOCKER_CONFIG=/config.json

The config file typically looks like:

{
  "auths": {
    "registry.example.com": {
      "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="
    }
  }
}

`--docker-config` Flag¶

Use this flag to specify a custom path to the Docker config file:

updock --docker-config /etc/updock/registry-auth.json

Argument	Environment Variable	Default
`--docker-config`	`UPDOCK_DOCKER_CONFIG`	`~/.docker/config.json`

Credential Helpers¶

Updock supports Docker credential helpers for dynamic token retrieval. Configure the helper in your config.json:

Amazon ECRGoogle GCR / Artifact RegistryAzure ACR

{
  "credHelpers": {
    "123456789.dkr.ecr.us-east-1.amazonaws.com": "ecr-login"
  }
}

Make sure docker-credential-ecr-login is available inside the Updock container. Mount it as a volume or build a custom image:

FROM updock/updock
COPY --from=amazon/amazon-ecr-credential-helper /usr/local/bin/docker-credential-ecr-login /usr/local/bin/

You must also provide AWS credentials via environment variables or instance role.

{
  "credHelpers": {
    "gcr.io": "gcloud",
    "us-docker.pkg.dev": "gcloud"
  }
}

Alternatively, use a service account key:

{
  "auths": {
    "gcr.io": {
      "auth": "<base64 of _json_key:<service-account-json>>"
    }
  }
}

{
  "credHelpers": {
    "myregistry.azurecr.io": "acr-login"
  }
}

Warning

When using credential helpers, the helper binary must be accessible inside the Updock container at runtime. Mount it from the host or extend the Updock image.

Multiple Registries¶

A single config.json can contain credentials for multiple registries:

{
  "auths": {
    "registry.example.com": { "auth": "..." },
    "ghcr.io": { "auth": "..." }
  },
  "credHelpers": {
    "123456789.dkr.ecr.us-east-1.amazonaws.com": "ecr-login"
  }
}

Updock resolves credentials by matching the image's registry hostname against the entries in the config file.

Private Registries¶

Sharing Docker Credentials¶

Docker Login¶

--docker-config Flag¶

Credential Helpers¶

Multiple Registries¶

`--docker-config` Flag¶