Add credentials
To ensure the security of your artifact storage, it is typically not advisable to have it accessible to the public. For this reason, we offer support for private Docker images and artifact (blob) storage options such as AWS S3, Azure Blob Storage, and Google Cloud Storage. Deeploy can retrieve artifacts from these locations by using a set of credentials.
- Add Docker credentials
- Add Blob credentials
Credentials are added on a Workspace level. To add Docker credentials, navigate to the Credentials page, under the Resources section of your Workspace. The following information is required:
| Parameter | Description | Example |
|---|---|---|
| name | The desired name for the Docker credentials | DockerHub |
| description | The desired description of the Docker credentials | Image X and Y are stored in this registry |
| registry | The registry URL | example.registry, other examples: for DockerHub: https://index.docker.io/v1/, for GitLab: registry.gitlab.com |
| username | The username of the registry | - |
| password | The password of the registry | - |
The credential formats for common docker registries are:
| Registry | Username | Password | |
|---|---|---|---|
| Docker | https://index.docker.io/v1/ | Docker_Username | (password or API key) |
| GitLab | registry.gitlab.com | GitLab_Username | (personal access token with read_registry rights) |
Save the credentials, and use the credentials by checking the Private registry checkbox and selecting the desired Docker credentials
Credentials are added on a Workspace level. To add blob credentials, navigate to the Credentials page, under the Resources section of your Workspace. Switch to the Blob tab. The following information is required:
- Name
- Description (optional)
- Blob type
The credential formats for supported blob storage are:
| Blob type | AWS S3 | GCS | Azure Blob |
|---|---|---|---|
| Username | The IAM user access key with access to the S3 bucket | - | - |
| Password | The IAM user secret access key with access to the S3 bucket | Service account JSON | The Client Secret of the Azure storage service |
| Tenant ID | - | - | The Tenant ID of the Azure storage service |
| Account | - | - | The Account name used for the Azure URL |
| Client ID | - | - | The Client ID of the Azure storage service |
Save the credentials, and use the credentials by checking the Private object storage checkbox and selecting the desired Blob credentials
S3 region (Deeploy Cloud only)
When specifying an s3 bucket in a different region than eu-central-1 you need to specify it in the blob section.
# this reference is used in example repository:
# https://gitlab.com/deeploy-ml/sample-models/example-pytorch-mnist
{
"reference": {
"blob": {
"url": "s3://deeploy-examples/pytorch/mnist/model",
"credentialsId": "8bf16fee-9ccd-41f5-ae86-06d89801c819",
"region": "eu-west-1",
}
}
}