Will using registry.fly.io/: ensure that the images are accessible only to our account and not to anyone who knows our image name, preventing them from pulling and deploying?
Hi @fly-learner
Yes. The images are not public and can only be accessed with a token.
If you want to access (or push) them with docker CLI, you will need to add authorization to docker config using fly auth docker command.
2 Likes
So if someone would use the fly deploy --image registry.fly.io/app:deployment-abcd123 when app:deployment-abcd123 belongs to our account. The image (app:deployment-abcd123) won’t be returned to other fly.io users, even if they know our image name?
That’s right.
During deploy, an app can only access images that belong to it.
So, if you are deploying to app app1, it can only access images at registry.fly.io/app1. Internally we use IDs, not app names, as app names can be reused, but the idea stays the same.
2 Likes
Is this per-app or per-Org?
I’m able to reference an template image that I pushed to another app within the same org
FROM registry.fly.io/<containers-app>:latest
1 Like
Indeed, I was mistaken. It’s per-org (both during build and deploy). Sorry for misleading you.
2 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.