Skip to main content
Dockhand supports multiple container registries for pulling and searching images. Connect to Docker Hub, GitHub Container Registry (GHCR), private registries, or any Docker Registry V2 compatible service.

Supported Registries

Docker Hub

Public and private images from the official Docker registry

GitHub Container Registry

Container images stored in GitHub packages

Private Registries

Self-hosted or third-party Docker Registry V2 compatible

Cloud Registries

AWS ECR, Google GCR, Azure ACR, and more

Configuration

Docker Hub

Docker Hub is available by default without configuration. For private images, add authentication:
1

Navigate to registries

Go to Settings > Registries > Add Registry
2

Enter credentials

Use a Docker Hub access token instead of your password for better security.
3

Test connection

Click Test Connection to verify credentials work correctly.

GitHub Container Registry

Connect to GHCR for images stored in GitHub packages:
Registry Configuration
Use a GitHub Personal Access Token (classic) with read:packages scope, not your GitHub password.

Generating GitHub Token

  1. Go to GitHub Settings > Developer settings > Personal access tokens > Tokens (classic)
  2. Click Generate new token (classic)
  3. Select scope: read:packages (and write:packages if pushing images)
  4. Copy the token (shown only once)

Private Registry

Connect to any Docker Registry V2 compatible private registry:

Common Registry URLs

Harbor projects require the project name in image references:

Cloud Registries

AWS Elastic Container Registry requires temporary credentials:
Then configure in Dockhand:
ECR credentials expire after 12 hours. For production use, automate credential refresh or use ECR credential helper.
Configure GCR using a service account:
The password should be the entire JSON key file content.
Enable admin user in ACR, then configure:
Or use service principal for better security.

Registry Schema

The registry configuration uses the following database schema:

Using Registries

Searching Images

1

Open image browser

Navigate to Images > Browse Registry
2

Select registry

Choose a registry from the dropdown or search all registries
3

Search

Enter search term and browse results
4

View details

Click an image to see available tags and pull it

Pulling Images

When pulling an image, Dockhand automatically uses registry credentials:

Image Name Format

Different registries use different naming conventions:

Registry API

Dockhand uses the Docker Registry HTTP API V2:

Catalog Endpoint

List all repositories:
Response:

Tags Endpoint

List tags for an image:
Response:

Search Endpoint

Docker Hub search:
Private registries don’t have a search API. Dockhand searches by filtering the catalog list.

Authentication Methods

Dockhand supports multiple authentication methods:

Basic Authentication

Most common method using username and password/token:

Bearer Token

For registries using OAuth2/token authentication:
  1. Request token from auth service
  2. Use token in subsequent requests

No Authentication

For public registries without authentication, leave credentials empty.

Troubleshooting

  • Verify username and password are correct
  • For tokens, ensure they haven’t expired
  • Check token has required permissions (read:packages, etc.)
  • Try generating a new token
  • Test credentials with Docker CLI:
  • Verify registry URL is correct (including https://)
  • Check DNS resolution: nslookup registry.example.com
  • Test connectivity: curl https://registry.example.com/v2/
  • Ensure firewall allows outbound HTTPS connections
  • Some registries disable catalog listing for security
  • Use direct image search instead of browsing
  • For Docker Hub, catalog listing is not supported
  • Check registry permissions allow catalog access
  • For self-signed certificates, add CA to system trust store
  • Verify certificate is valid and not expired
  • Check certificate matches registry hostname
  • For testing only, Docker daemon can skip verification:
    /etc/docker/daemon.json

Security Best Practices

Registry credentials are stored encrypted in the database. Never share registry passwords in plain text.
  1. Use tokens instead of passwords when available (GitHub, Docker Hub, GitLab)
  2. Rotate credentials regularly (every 90 days)
  3. Use read-only tokens when Dockhand doesn’t need push access
  4. Enable HTTPS for all private registries
  5. Audit registry access regularly to detect unauthorized usage
  6. Use separate credentials for different environments (dev/staging/prod)

Advanced Configuration

Organization Filtering

For registries with many repositories, filter by organization:
This limits searches and catalog browsing to the myorg namespace.

Multiple Registry Instances

Configure multiple entries for the same registry with different credentials:

Default Registry

Set one registry as default for image operations:
  1. Edit registry settings
  2. Enable Set as default
  3. Images without registry prefix will use this registry

Performance Considerations

  • Catalog caching: Large registries cache catalog for 5 minutes
  • Search limits: Registry searches return max 100 results
  • Pagination: Catalog browsing uses pagination (100 items per page)
  • Direct lookup: Searching with full image name (org/image) is faster than partial searches

Next Steps

Image Management

Learn about pulling and managing images

Container Deployment

Deploy containers from registry images