Allow Using Private Docker Images


#1

Is there any way to use private docker images? If not - is that planned?
We want to be able to put a small db, and have some private code inside the image to speed up the build. But we can’t possibly make it available publicly :frowning:


Frequently Asked Questions
#2

We can see that there is an option to use a private repository like so:
containerInfo:
- image: ip:port/image:version

circle tries to download from a given external URL

but I’m not sure if there is any way to authorize that as well. In that case, if I understand correctly - the images would still be public as long as we can’t use a firewall to allow only circle and internal network to access the server.


#3

Access to private Docker images is not available yet but is definitely on the radar! As a work around, you could create a public version of your docker image minus any sensitive data.


#4

To add onto this, until we support private images you can use our caching save and restore steps to speed up your build. Those cache files are available only to the project associated with it, so you’ll get the privacy you’re looking for.


#5

Glad to hear that private repos is on the works. We definitely need this feature as well.


#6

Ah private images are a must for us as well. Happy to hear it’s in the works though. Do you think we’ll see private images supported in this beta before an official circle 2.0 release?


#7

@joeellis Possibly, but maybe not while the beta is still closed.


#8

This is a deal breaker for us…


#9

+1 for private images. Essential for our workflow.


#10

+1 for private repo’s, it’s a blocker for our team to have a full CI implementation. We build a apis and single page apps for our clients, we need to be able to run the API images to test our SPAs. We mostly build closed source projects. The source code itself is sensitive and can’t be shared via a public docker repo.


#11

Thanks for all the feedback everyone, moved this to a “feature request” so we can keep track of it outside of the support thread.

We intend to have this feature, but do not yet have an ETA.


#12

While you’re at it, you could detect ECR repositories by their domain name and run “aws ecr get-login --region bla | sh” on your build server using the AWS credentials you let us set in the web interface.


#13

When you add support for private repositories, please include ECR repositories as well as docker hub repos.


#14

+1 certainly need private repo’s, do we have an ETA to enable this. Surely this is not a big job just to enable an authentication into dockerhub?


#15

It is a big deal if you want your private images to be secure. In the meantime, you can use them now by authenticating and pulling them down manually. You can execute your tests in that image and even run MySQL or other services in the same Docker network.


#16

Out of interest, how might you deal with authentication when automatically pulling images? Would authorising a CircleCI account with Docker Hub be enough to allow the executor access to that Docker Hub account’s private images?


#17

It requires docker login so maybe a new UI setting or env vars. We’ll know for sure when it’s released.

For now, you can use docker login manually with env vars in the UI and pull down images.


#18

Fair enough, sounds good!

We’re interested in using executorType: docker specifically. This is because of the speed increases; having private images would be a nifty way to get our deployment creds into the build environment.


#19

You can now use Private Images in Docker executor using our Remote Docker Environment.

Here are the details: https://circleci.com/docs/2.0/private-images/


#20

Nice- so if we can get our image into the environment, how would we go about getting the rest of our build steps to run within that private container?

For our use case, we’re not specifically looking to build a docker image; we simply want to use our pre-built image as the environment in which to build our apps.