Using a Private Docker Registry

To supply credentials to pull from a private Docker registry, create an archive of your Docker credentials, then add it as a URI in your application definition.

Step 1: Compress Docker credentials

  1. Log in to the private registry manually. Login creates a .docker folder and a .docker/config.json file in your home directory.

      docker login
      Username: foo
  2. Compress the .docker folder and its contents.

    cd ~
    tar -czf docker.tar.gz .docker
  3. Verify that both files are in the archive.

      tar -tvf ~/docker.tar.gz
      drwx------ root/root         0 2015-07-28 02:54 .docker/
      -rw------- root/root       114 2015-07-28 01:31 .docker/config.json
  4. Put the archive file in a location that is accessible to your application definition.

    cp docker.tar.gz /etc/

Important: The URI must be accessible by all nodes that will start your application. You can distribute the file to the local filesystem of all nodes, for example via RSYNC/SCP, or store it on a shared network drive like Amazon S3. Consider the security implications of your chosen approach carefully.

Step 2: Add URI path to app definition

  1. Add the path to the archive file login credentials to your app definition.

    "uris": [

    For example:

      "id": "/some/name/or/id",
      "cpus": 1,
      "mem": 1024,
      "instances": 1,
      "container": {
        "type": "DOCKER",
        "docker": {
          "image": "",
          "network": "HOST"
      "uris":  [
  2. The Docker image will now pull using the security credentials you specified.