ConfigurationRegistriesDHI
DHI (Docker Hardened Images)
The dhi registry lets you configure Docker Hardened Images integration.
The dhi registry lets you configure Docker Hardened Images integration.
Supported credential shapes:
- Docker ID login + password (
LOGIN+PASSWORD) - Docker ID login + access token (
LOGIN+TOKEN) - Base64 auth string (
login:password), like.docker/config.json
Variables
| Env var | Required | Description | Supported values | Default value when missing |
|---|---|---|---|---|
DD_REGISTRY_DHI_{REGISTRY_NAME}_LOGIN | ⚪ | Docker ID login | Required with PASSWORD or TOKEN | |
DD_REGISTRY_DHI_{REGISTRY_NAME}_PASSWORD | ⚪ | Docker ID password or access token | DD_REGISTRY_DHI_{REGISTRY_NAME}_LOGIN must be defined | |
DD_REGISTRY_DHI_{REGISTRY_NAME}_TOKEN | ⚪ | Docker ID access token | DD_REGISTRY_DHI_{REGISTRY_NAME}_LOGIN must be defined; cannot be combined with PASSWORD | |
DD_REGISTRY_DHI_{REGISTRY_NAME}_AUTH | ⚪ | Base64 auth string (login:password) | Cannot be combined with LOGIN/PASSWORD/TOKEN |
Registry auth fails closed for invalid combinations. Use exactly one complete shape:
LOGIN+PASSWORD, LOGIN+TOKEN, AUTH, or no credentials. The former token-only DD_REGISTRY_DHI_PUBLIC_TOKEN compatibility configuration is rejected in v1.6 instead of silently falling back to anonymous access; pair it with DD_REGISTRY_DHI_PUBLIC_LOGIN or remove it for intentional anonymous pulls.Examples
Configure with login/password
services:
drydock:
image: codeswhat/drydock
...
environment:
- DD_REGISTRY_DHI_PUBLIC_LOGIN=mydockerid
- DD_REGISTRY_DHI_PUBLIC_PASSWORD=my-token-or-passworddocker run \
-e DD_REGISTRY_DHI_PUBLIC_LOGIN="mydockerid" \
-e DD_REGISTRY_DHI_PUBLIC_PASSWORD="my-token-or-password" \
...
codeswhat/drydockConfigure with base64 auth string
services:
drydock:
image: codeswhat/drydock
...
environment:
- DD_REGISTRY_DHI_PUBLIC_AUTH=bXlkb2NrZXJpZDpteS10b2tlbi1vci1wYXNzd29yZA==docker run \
-e DD_REGISTRY_DHI_PUBLIC_AUTH="bXlkb2NrZXJpZDpteS10b2tlbi1vci1wYXNzd29yZA==" \
...
codeswhat/drydock