Section 2: Pushing the Image to Your Own Docker Registry (Optional)


Overview:

While you can deploy the cryptonets-api image directly from GitHub Container Registry (GHCR), many enterprise environments prefer to mirror trusted images into their own private container registry. Doing so improves:

  • Security – Internal scanning and approval pipelines
  • Latency – Regional hosting, reducing cold start times
  • Governance – Visibility and audit logs over all running images

This section walks through retagging and pushing the PrivateID container image to AWS ECR, Google Artifact Registry, or Azure Container Registry. If you’re using Harbor, JFrog, or a self-hosted registry, the general steps will still apply.

Step 2.1: Tag the Image for Your Registry

Once you’ve pulled the image from GHCR (see Section 1), you need to retag it to match your private registry's format.

  # General tagging format
  docker tag ghcr.io/prividentity/cryptonets-api:latest <your-registry>/<namespace>/<image-name>:<tag>

Example: AWS ECR

  docker tag ghcr.io/prividentity/cryptonets-api:latest \
  123456789012.dkr.ecr.us-west-2.amazonaws.com/privateid/cryptonets-api:v1.0.0

Recommendation: Use semantically versioned tags (e.g., v1.2.0) rather than latest in production environments to ensure repeatability.

Step 2.2: Push the Tagged Image

Once tagged, push the image to your private registry:

  docker push <your-registry>/<namespace>/<image-name>:<tag>

If you haven't authenticated to your registry yet, refer to the correct login command for your cloud provider below.


Cloud-Specific Docker Login Commands

AWS ECR

  aws ecr get-login-password --region us-west-2 | \
  docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-west-2.amazonaws.com

Google Artifact Registry

  gcloud auth configure-docker us-docker.pkg.dev

Azure ACR

  az acr login --name <your-acr-name>
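Steps 2.1 and 2.2 can be combined into one guarded script once you have logged in with one of the commands above. This is an added example, not PrivateID's own tooling: the function names and the DRY_RUN switch are assumptions made here, and the script rejects any destination tag that is not vMAJOR.MINOR.PATCH, then prints the digest of the pushed image so deployments can reference it.

```shell
#!/bin/sh
# Added example (not PrivateID's code): Steps 2.1-2.2 as one guarded script.
SRC_IMAGE="ghcr.io/prividentity/cryptonets-api"   # source image named on this page

# Build the destination reference; accept only vMAJOR.MINOR.PATCH tags so a
# floating tag such as "latest" never reaches the private registry.
target_ref() {  # usage: target_ref <registry> <namespace> <tag>
  printf '%s\n' "$3" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$' || {
    echo "refusing tag '$3': expected vMAJOR.MINOR.PATCH" >&2
    return 1
  }
  printf '%s/%s/cryptonets-api:%s\n' "$1" "$2" "$3"
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Pull from GHCR, retag, push, then print the digest the registry assigned.
mirror() {  # usage: mirror <source-tag> <registry> <namespace> <new-tag>
  dst=$(target_ref "$2" "$3" "$4") || return 1
  run docker pull "$SRC_IMAGE:$1" &&
    run docker tag "$SRC_IMAGE:$1" "$dst" &&
    run docker push "$dst" || return 1
  [ "${DRY_RUN:-0}" = 1 ] && return 0
  # RepoDigests lists repo@sha256:... for each registry holding this image;
  # keep the entry for the destination repository.
  docker image inspect --format '{{join .RepoDigests "\n"}}' "$dst" |
    grep -F "${dst%:*}@"
}

# Constructed usage (account ID and region are the page's sample values):
#   mirror latest 123456789012.dkr.ecr.us-west-2.amazonaws.com privateid v1.0.0
```

Run it first with DRY_RUN=1 to review the exact docker commands before anything is pushed.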

Step 2.3: Create a Kubernetes Image Pull Secret (if needed)

If your Kubernetes cluster needs credentials to access the private registry, create a Docker registry secret:

  kubectl create secret docker-registry regcred \
    --docker-server=<your-registry> \
    --docker-username=<your-username> \
    --docker-password=<your-password> \
    --docker-email=<your-email>

Then reference that secret in your deployment.yaml:

  spec:
    template:
      spec:
        # Pod-level field: it belongs in the Deployment's pod template spec
        imagePullSecrets:
        - name: regcred

Tip: Use workload identity federation or node IAM roles when possible to avoid static credentials.


You’ve now mirrored the PrivateID Docker image into your own registry and are ready to deploy it in a fully private, auditable, and secure pipeline.
