Container registries are the unsung heroes of modern Cloud Computing. Sitting there quietly, they ensure that container images are available when new workloads are deployed or existing ones are scaled. They also keep track of the hundreds or possibly thousands of versions of images we produce over the course of a project.

Most developers don't really give their container registries much thought - that is until they migrate to a new CI/CD tool or their project evolves to become multi-cloud. Suddenly, things that worked seamlessly when everything was supplied by one vendor become fiddly to make work. Switching from Google Cloud Build to CircleCI means figuring out static tokens to allow your images to be pushed. Using ECR from a Kubernetes cluster running outside of AWS requires you to refresh registry credentials every 12 hours!

All of the big cloud vendors have designed their systems to work seamlessly with their own products - this increases lock-in by making switching costs high.

Allow Humanitec to tame your multi-vendor registries!

We are excited to announce centralised registry credential management! This new feature means that you won't have to worry about figuring out how to push from your new CI tool or pull from your new on-premise cluster again.

You can register registries from AWS, GCP and Azure along with many others such as private DockerHub, JFrog Artifactory and Harbor. Credentials will then be correctly inserted into your cluster at deployment time - irrespective of whether the registry and cluster are running in the same cloud. You can also optionally make credentials available to CI pipelines which removes the need to keep track of credentials spread out around our CI infrastructure.

For more sensitive setups, Humanitec can even use credentials that are already in the cluster - avoiding storing them in Humanitec's secure credential store. Simply tell Humanitec the secret name and then namespace its in, and the secret will be cloned into the namespace being deployed to.

Getting Started

Getting started is simple. Go to Organization Settings and then click on the Registries tab. From there you can add your registry - selecting the appropriate registry type and filling in the details. At deployment time, Humanitec will detect if a container image path resolves to the registry and will use the credentials you supplied.

This feature provides a simple and secure way to connect any cluster and any CI tool to container registries that you are using across a range of clouds. To find out more, check out our documentation.