
Multi-registry and security

December 19, 2017

Being able to call on any Docker container during a pipeline is incredibly powerful, but it introduces certain security issues. In the old days you might work with a single server for build tooling, and you'd carefully construct, vet, and deploy it. With the rise of Docker, however, you can work with any number of images that you may or may not be familiar with.

What if someone introduced a rootkit into your pipeline? How much damage could they do? How quickly would you catch it? To be security conscious, you'll need a strategy in place for how images can be introduced to your processes, vetted, and stored. This is where using multiple registries becomes invaluable.

Every Registry a Purpose

Production Docker Registry

Only images that have been fully vetted should be allowed here. Not only are they secure, they are also thoroughly tested and validated to be in proper working order. The ops team will care most about this registry.

Secure Testing Area Registry

All the images used to test and prep images for production should be kept in this registry. They should be tested for security and versioned so the pipeline is reliable. The process of onboarding new images should be automated so you don’t fall into the trap of using old software.

Build, Test, and Debug Registry

Finally, we need a registry for images in progress. These images are less trusted and can be broken. This registry is critical because without it, it's very difficult to fix and debug images.
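One way to enforce this three-registry split in a pipeline, shown as an added example that is not Codefresh's own code: each stage may only pull from the registries approved for it. The registry hostnames, the stage names, and the rule that vetted stages reject an unpinned `latest` tag are assumptions made for illustration.

```python
# Added example: registry hostnames and stage names are assumptions.
PROD, SECURE, DEV = ("prod.registry.example", "secure.registry.example",
                     "dev.registry.example")
ALLOWED = {
    "deploy": {PROD},                 # what ops runs: production registry only
    "pipeline": {PROD, SECURE},       # tooling used to test and prep images
    "debug": {PROD, SECURE, DEV},     # work in progress, less trusted
}
PINNED_STAGES = {"deploy", "pipeline"}  # vetted stages need a fixed version


def parse_image(ref):
    """Split a Docker image reference into (registry, repository, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, slash, rest = ref.partition("/")
    # Docker treats the first component as a registry host only if it contains
    # '.' or ':' or is 'localhost'; otherwise the image resolves to Docker Hub.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, name = first, rest
    else:
        registry, name = "docker.io", ref
    tag = None
    if ":" in name.rsplit("/", 1)[-1]:   # ':' after the last '/' is a tag
        name, tag = name.rsplit(":", 1)
    if tag is None and digest is None:
        tag = "latest"                   # Docker's implicit default tag
    return registry, name, tag, digest


def check_image(stage, ref):
    """Return policy violations for using `ref` in `stage` (empty list = ok)."""
    registry, _, tag, digest = parse_image(ref)
    problems = []
    if registry not in ALLOWED[stage]:
        problems.append(f"{registry} is not approved for stage '{stage}'")
    if stage in PINNED_STAGES and digest is None and tag == "latest":
        problems.append("image is not pinned to a version tag or digest")
    return problems


if __name__ == "__main__":
    # Constructed sample pipeline steps.
    for stage, ref in [("deploy", PROD + "/shop/api:1.4.2"),
                       ("pipeline", "node"),
                       ("debug", DEV + "/shop/api")]:
        print(stage, ref, check_image(stage, ref) or "ok")
```

Running such a check before any step pulls its image makes an unvetted image fail the build instead of executing inside it.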

Free private Docker registry

Codefresh includes a free private Docker registry that is designed to complement your Production and Secure registries. Of course, you can also integrate all your own registries into Codefresh very easily.

 
