Will using registry.fly.io/: ensure that the images are accessible only to our account and not to anyone who knows our image name, preventing them from pulling and deploying?
Yes. The images are not public and can only be accessed with a token.
If you want to access (or push) them with
docker CLI, you will need to add authorization to docker config using
fly auth docker command.
So if someone would use the
fly deploy --image registry.fly.io/app:deployment-abcd123 when
app:deployment-abcd123 belongs to our account. The image (app:deployment-abcd123) won’t be returned to other fly.io users, even if they know our image name?
During deploy, an app can only access images that belong to it.
So, if you are deploying to app
app1, it can only access images at
registry.fly.io/app1. Internally we use IDs, not app names, as app names can be reused, but the idea stays the same.
Is this per-app or per-Org?
I’m able to reference an template image that I pushed to another app within the same org
Indeed, I was mistaken. It’s per-org (both during build and deploy). Sorry for misleading you.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.