Add credentials
To ensure the security of your artifact storage, it is typically not advisable to have it accessible to the public. For this reason, we offer support for private Docker images and artifact (blob) storage options such as AWS S3, Azure Blob Storage, and Google Cloud Storage. Deeploy can retrieve artifacts from these locations by using a set of credentials.
- Add Docker credentials
- Add Blob credentials
Credentials are added on a Workspace level. To add Docker credentials, navigate to the Credentials page, under the Resources section of your Workspace. The following information is required:
| Parameter | Description | Example |
|---|---|---|
| name | The desired name for the Docker credentials | DockerHub |
| description | The desired description of the Docker credentials | Image X and Y are stored in this registry |
| registry | The registry URL | example.registry, other examples: for DockerHub: https://index.docker.io/v1/, for GitLab: registry.gitlab.com |
| username | The username of the registry | - |
| password | The password of the registry | - |
The credential formats for common docker registries are:
| Registry | Username | Password | |
|---|---|---|---|
| Docker | https://index.docker.io/v1/ | Docker_Username | (password or API key) |
| GitLab | registry.gitlab.com | GitLab_Username | (personal access token with read_registry rights) |
Save the credentials, and use the credentials by checking the Private registry checkbox and selecting the desired Docker credentials
Credentials are added on a Workspace level. To add blob credentials, navigate to the Credentials page, under the Resources section of your Workspace. Switch to the Blob tab. The following information is required:
- Name
- Description (optional)
- Blob type
Three blob types are supported, AWS S3, Google Cloud Storage (GCS) and Azure Blob Storage. Each requires different authentication information (see below). To add your blob credentials, navigate to the Credentials page in your Workspace and click on the Blob tab. Click Add and fill in the information, then click Save to save the credentials. You can use the blob credentials in your Deployments by checking the Private object storage checkbox in the model and explainer sections and selecting the desired blob credentials.
AWS S3
First, in the AWS console, generate access keys for an IAM user that has S3 bucket read access. In Deeploy, fill in the access key in the username field and the secret key in the password field.
Azure Blob Storage
First, in the Azure Portal, create an app registration that has Storage Blob Reader access. Generate a new client secret in your app registration and fill in the following details in Deeploy:
- Tenant ID - Your Azure Tenant ID
- Account - Name of the storage account that your app registration has access to
- Client ID - Client ID of your app registration
- Client secret - Secret value of your client secret
GCS
First, create a service account with GSS read access. Generate a new service account JSON and upload the JSON file using the Upload credentials button.