🎉 Announcing new lower pricing — up to 40% lower costs for Cloud Servers and Cloud SQL! Read more →


Docker Container Registry

The Brightbox Container Registry allows you to store and access your Docker container images. All image data is stored in Orbit, our durable and highly-available object storage system. Access is controlled using Brightbox user credentials or API Clients.

Container Registry addresses looks like this:


acc-xxxxx is your account id and repositoryname is an arbitrary name you can choose. You can have multiple repositories on an account (they map to Orbit storage containers).

Setup a repository

Let’s setup our first repository called myapp. We’ll use our user credentials to authenticate, as users have read and write access to Orbit containers by default.

Create the Orbit storage container

Log into Brightbox Manager and create an Orbit container called myapp_ctrimages. This is where the data for your repository will be stored.

Login to the container registry

Use docker to login to cr.brightbox.com with your Brightbox user credentials.

$ docker login cr.brightbox.com
Username: john@example.com

If you’re using two factor authentication, you’ll need to use a temporary access token as your password here. You can get one from Brightbox Manager, or from our CLI, if you have that set up.

$ brightbox token show --format=token | docker login --username john@example.com --password-stdin cr.brightbox.com

Tag and push your image

Tag your image using the container registry url format:

$ docker tag myapp:latest cr.brightbox.com/acc-xxxxx/myapp/myapp:latest

Then push your image:

$ docker push cr.brightbox.com/acc-xxxxx/myapp/myapp:latest

Setup pull-only access

Users on an account can push and pull to all Orbit containers. Pull-only access is often required for automated deployment systems, such as Kubernetes. To grant access to pull images, but not to push them, we need to create an API client and grant it read-only access to the Orbit container.

Create the API Client

In Brightbox Manager, click the cog icon at the top left and click API access. Then click New API Client. Give the client a descriptive name and set Privileges to Orbit Storage Only. Then click Save and note the Client ID and secret.

Grant access

Click Orbit Storage in the right navigation bar, find your myapp_ctrimages Orbit container and edit it. In the Permissions section, list the client id in the Read permissions section. You need to prefix it with your account id and a colon (acc-xxxxx:cli-yyyyy). You can grant access to multiple API clients here, one per line:


Now use docker to login with the API client id (cli-yyyyy) and secret and you’ll only have pull access:

$ docker push cr.brightbox.com/acc-xxxxx/myapp/myapp:latest
The push refers to repository [cr.brightbox.com/acc-xxxxx/myapp/myapp:latest]
a1fb5336b21b: Preparing 
0cf639c5ca08: Preparing 
273c52a45c0f: Preparing 
9196935b6a5c: Preparing 
62068e02da20: Preparing 
dcd61d2ac531: Waiting 
71ce2dc7f761: Waiting 
0d960f1d4fba: Waiting 
unauthorized: authentication required

Last updated: 11 Apr 2019 at 12:23 UTC

Try Brightbox risk-free with £20 free credit Sign up takes just two minutes...