Docker Registry

Cloudsmith provides public & private registries for Docker images


Docker is an ecosystem that is used to run packaged software known as containers. A container image is bundled with all of the software and configured required to run as an independent process (or collection of processes), and an executing container is isolated from other containers and processes.

Docker provides the concept of the registry as a storage service for storing and distributing image containers for use. The official one of which is Docker Hub, which is owned and operated by Docker itself.

Cloudsmith provides a fully-fledged Docker registry with full compatibility for current and future versions of the Docker engine and container image formats. With Cloudsmith you'll be able to push, pull, inspect and manage container images, privately and publicly.

All of this is provided with the standard functionality and features that are offered in the Cloudsmith platform, such as collaboration, advanced permissioning, whitelabelled distribution, multi-tenacy with other packaging formats, etc.

For more information on Docker, please see:

  • Docker: The official website for Docker (the company and product).
  • Docker Hub: The official public registry for Docker repositories.
  • Docker Article: The Wikipedia article on Docker.
Contextual Documentation

The examples in this document are generic. Cloudsmith provides contextual setup instructions within each repository, complete with copy n' paste snippets (with your namespace/repo/rsa-key pre-configured).

Differences from Docker

For clarity, it's important to note some of the differences between a registry such as Docker Hub, and a Cloudsmith Docker registry. These are both naming and functional in nature.

Naming Differences

Docker defines the following names (this is not the official wording):

  • Layer: A blob (big object of bytes) containing software and configuration.
  • Image: A collection of Docker layers plus metadata that represent an application.
  • Container: A running instance of a Docker image in-memory.
  • Repository: A collection of Docker images, separated by hashref and version tags.
  • Registry: A collection of all Docker repositories, separated by namespaces.

For comparison purposes, where terms differ from Cloudsmith:

  • Package: A specific identifiable and versionable artifact.
  • Repository: A collection of versionable artifacts, with multiple allowed per account.

Therefore, based on the above, the following terms are equivalent:

Docker TermCloudsmith Term

For consistency, the Docker terms will be used within all of the Docker-related documentation but please be aware of the differences if looking at documentation elsewhere.

Functionality Differences

We have attempted to achieve absolute compatibility at the wire (API) level with Docker Hub and the Docker registration specification (2.0). The functionality differs in how the registry itself is treated.

Referring to the naming differences section above, every Cloudsmith account can have multiple Cloudsmith repositories. Each Cloudsmith repository is an individual Docker registry in its own right and will require a different login in order to push/pull images for it.

As such, it is also not possible to have a global registry of all images on Cloudsmith. This may change in the future as we introduce different forms of Cloudsmith repositories and groupings.

In the following examples:

OWNERYour Cloudsmith account name or organisation name (namespace)
REGISTRYYour Cloudsmith Repository name (also called "slug")
TOKENYour Cloudsmith Entitlement Token (see Entitlements for more details)
USERNAMEYour Cloudsmith username
PASSWORDYour Cloudsmith password
API-KEYYour Cloudsmith API Key
IMAGE_NAMEThe name of your Docker image
TAGA tag for your Docker image

Upload an Image


If you have added a Custom Domain for Docker, you must use it to authenticate and push. Please replace in the following instructions with the Docker custom domain you have created.

Publish via Docker

The endpoint for the native Docker API is:

Or if you're referring to it from docker commands:

In order to authenticate for native publishing, you'll need use docker login:

docker login

You will be prompted for your Username and Password. Enter your Cloudsmith username and your Cloudsmith API Key.

To publish an image to a Cloudsmith-based Docker registry, you first need to tag your image:

docker tag IMAGE_NAME:TAG



Docker images are not automatically tagged as 'latest' based on upload date / time. In order to ensure that you have an image tagged as 'latest' you need to explicitly tag the image. For example:

docker tag your-image:latest

You can then publish the tagged image using docker push:

docker push

Upload via the Cloudsmith CLI or Website

To upload via the Cloudsmith CLI or Website. you need to export your Docker image first. You can do this with:

docker save -o IMAGE_NAME.docker IMAGE_NAME:TAG

This exports the full contents of the image, including all metadata and layers.

Upload via Cloudsmith CLI

For full details of how to install and setup the Cloudsmith CLI, see Command Line Interface.

The command to upload a Docker image via the Cloudsmith CLI is:

cloudsmith push docker OWNER/REGISTRY IMAGE_NAME.docker


cloudsmith push docker org/repo your-image.docker

Upload via Cloudsmith Website

Please see Upload a Package for details of how to upload via the Website UI.

Download / Pull an Image


Public Registries

For public registries, no further setup is needed as authentication is not required.

Private Registries


Private Registries require authentication. You can choose between two types of authentication, Entitlement Token Authentication or HTTP Basic Authentication.

The setup method will differ depending on what authentication type you choose to use.


Entitlement Tokens, User Credentials and API-Keys should be treated as secrets, and you should ensure that you do not commit them in configurations files along with source code or expose them in any logs

You need to authenticate via docker login to pull images:

docker login
Password: TOKEN

Login Succeeded
docker login
Password: PASSWORD

Login Succeeded
docker login
Password: API-KEY

Login Succeeded
docker login
Password: TOKEN

Login Succeeded

Pull an Image

Pulling (downloading) an image from the Cloudsmith Docker registry can be done using the standard docker pull command:

docker pull

To refer to this image after pulling in a Dockerfile, specify the following:


Security Scanning


Please see our Security Scanning documentation for further information.

Current Limitations

The Cloudsmith Docker registry implementation currently has the following limitations:

  • Remote layer mounting (for non-distributable layers, such as Windows) is currently not supported.
  • Digests for images will not match those pushed to Docker Hub (but layers will match).
  • Digests for offline image uploads (via docker save) will not match those from docker push.

Upstream Proxying / Caching

Configurable Proxying Caching

You can configure upstream Docker registries you wish to use for images. In addition, you can also choose to cache any requested images for future use.

Key Signing Support

RSA Index


Please see the Troubleshooting page for further help and information.

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution

With support for all major package formats, you can trust us to manage your software supply chain.

Start My Free Trial Now
Cookie Declaration (Manage Cookies)