PrivateId Logo

Section 1: Accessing the PrivateID Docker Image

Overview:

To begin deploying the PrivateID API in your Kubernetes environment, the first step is accessing the container image published on GitHub Container Registry (GHCR). This container hosts the cryptonets-api — a high-performance, privacy-preserving biometric service.


This section guides you through authenticating with GHCR, pulling the image locally, and preparing it for use in your own deployment or private registry. These steps are essential to ensure that the Kubernetes cluster can securely and reliably fetch the container when spinning up application pods.

Step 1.1: Accept Access to the GHCR Repository

You’ll receive a GitHub invitation to access the private container repository. Before proceeding:

  • Log in to GitHub.
  • Visit your GitHub Notifications or check your email.
  • Accept the invitation to the prividentity/cryptonets-api container on GHCR.

Note: You won’t be able to pull the image until this invitation is accepted.

Step 1.2: Authenticate Docker with GitHub Container Registry (GHCR)

Before pulling the image, authenticate your Docker client using a GitHub Personal Access Token (PAT) that includes the read:packages scope.

  # Login to GitHub Container Registry (GHCR)
  echo $GITHUB_TOKEN | docker login ghcr.io -u "your-github-username" --password-stdin
  • Replace "your-github-username" with your actual GitHub username.
  • Replace $GITHUB_TOKEN with your PAT, preferably stored as an environment variable or retrieved from a secrets manager.

Security Tip: Never hardcode your token into scripts or share it. Use environment variables or secret storage tools in CI/CD pipelines.

Step 1.3: Pull the PrivateID API Image

With authentication complete, download the image to your local machine or CI runner: Backend with MemoryDB

  docker pull ghcr.io/prividentity/cryptonets-api:latest

Backend with Mongo Atlas

  docker pull ghcr.io/prividentity/cryptonets-api:mongo

Redis Self Host

  docker pull ghcr.io/prividentity/redis-stack:latest

This command retrieves the latest version of the cryptonets-api image.


Production Reminder: Avoid using the latest tag in production environments. Instead, tag and pin a specific version like v1.2.0 for reproducible builds and reliable deployments.


At this point, you’ve successfully authenticated, pulled the PrivateID container image, and are ready to deploy it to your cluster or push it to your private registry.

Was this page helpful?