Skip to main content

Quickstart

The Katapult Container Registry (KCR) is a secure and private container image repository service. It lets you store, manage, and distribute Docker container images for your applications.

KCR is Open Container Initiative (OCI) compliant.

Getting Started

Before pushing or pulling images, you'll need to authenticate with the registry.

Authentication

To access the Katapult Container Registry, you'll need to authenticate using your email address and a user API token.

Recommended approach:

  • Username: Your email address (e.g., john@company.com)
  • Password: User API token from Krystal Identity

You can create a user API token in Krystal Identity and assign it the Manage container registries scope for full access or Read-only access to container registries for read-only access.

For detailed authentication instructions including alternative approaches, see Authentication.

Image Path Structure

Container images are always stored using your organization's subdomain in the path (e.g., kcr.io/my-organization/my-app:latest), regardless of which authentication method you use. The examples below use my-organization as a placeholder for your actual organization subdomain.

Log in to Container Registry using the Docker CLI:

docker login kcr.io

Pushing Artifacts

Tag your local image with the registry path:

docker tag my-application:latest kcr.io/my-organization/my-application:latest

Push the image:

docker push kcr.io/my-organization/my-application:latest

Pulling Artifacts

Pull an image from the registry:

docker pull kcr.io/my-organization/my-application:latest