# Private Docker Registries Valohai supports pulling images from private Docker registries. Once configured, your organization's projects can use private images just like public ones. ## Supported registries Valohai supports authentication with: * [AWS Elastic Container Registry (ECR)](/docker-in-valohai/private-docker-registries/aws-ecr.md) * [Docker Hub](/docker-in-valohai/private-docker-registries/docker-hub.md) * [Google Cloud Artifact Registry](/docker-in-valohai/private-docker-registries/gcp.md) * [Azure Container Registry](/docker-in-valohai/private-docker-registries/acr.md) * [JFrog Artifactory](/docker-in-valohai/private-docker-registries/jfrog.md) * Any registry using standard Docker authentication ## How it works 1. **Organization admins** configure registry credentials in Valohai 2. **Match patterns** determine which images use which credentials 3. **All projects** in your organization can pull matching private images 4. **Workers** automatically authenticate when pulling images ## Who can configure registries? Only **organization admins** can add and manage private registry credentials. Personal projects cannot access organization-level private registries. If you need private images, make sure your project is owned by an organization. ## Setup process Each registry type has specific authentication requirements: * **AWS ECR**: IAM user or instance role * **Docker Hub**: Access token (not password) * **GCP Artifact Registry**: Service account with Reader role * **Azure Container Registry**: Service principal * **JFrog**: Access token Follow the guide for your registry to get started. ## Using private images After configuration, reference private images in your `valohai.yaml` using their full name: ```yaml - step: name: train-model image: myregistry.azurecr.io/ml-training:v2.0 command: - python train.py ``` No changes to your code needed, Valohai handles authentication automatically. ## Troubleshooting image pulls ### Error: "unauthorized" or "access denied" **Check:** 1. Registry credentials are correctly configured in organization settings 2. Match pattern covers your image (e.g., `myregistry.azurecr.io/*`) 3. Project is owned by an organization (personal projects can't access private registries) 4. Credentials have read permissions for the repository ### Image pull takes too long or times out If pulls are consistently slow: * Your registry might be rate-limiting requests * Network connectivity between workers and registry might be constrained * Consider setting up a [pull-through cache](/docker-in-valohai/image-best-practices.md#speed-up-image-downloads-with-a-pull-through-cache) ### Need to verify which image was used? Check the execution logs. Valohai logs the full image name and digest when pulling: ``` Pulling image: myregistry.azurecr.io/ml-training:v2.0 Image digest: sha256:abc123... ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.valohai.com/docker-in-valohai/private-docker-registries.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.