Authenticate to Katapult Container Registry

When using the Katapult Container Registry, you need to authenticate to access your container images. This guide will walk you through the authentication process.

Get an API token

To authenticate to the Katapult Container Registry, you need an API token. You can generate different types of API tokens depending on your needs.

• Organization API token: This token is used to authenticate to the Katapult Container Registry and can be used by all users in your organization. It is useful for CI/CD pipelines or other automated processes.
• User API token: This token is used to authenticate to the Katapult Container Registry and is tied to your user account. It is useful for personal use or when you need to authenticate as a specific user.

Generate a Organization level API token

1. Log in to your Katapult account.
2. Navigate to the API Tokens section in your account settings.
3. Give your token a name.
4. Optional: Set Authorized IP Addresses to restrict access to your token.
5. Select the scopes you need. For the Container Registry, you will need the Core: Manage container registries scope or Core: Read-only access to container registries if you only need read access.
6. Click Create API token.
7. Copy the generated token and store it securely. You will not be able to see it again.

Generate an individual User API Token

1. Log in to your Krystal Identity account.
2. Navigate to the Static Access Tokens
3. Click Create new static access token
4. Give your token a name.
5. Select an expiration date for your token.
6. Click Create token.
7. Copy the generated token and store it securely. You will not be able to see it again.
8. Click Manage scopes.
9. Select the scopes you need. For the Container Registry, you will need the Manage container registries scope or Read-only access to container registries if you only need read access.
10. Click Save scopes.

Use the API token

This will be used as your password when authenticating to the Katapult Container Registry. You can use the API token to authenticate to the Katapult Container Registry using Docker or other container tools.

Docker

docker login kcr.io \
    --username <your-katapult-email> \
    --password <your-api-token>

Podman

podman login kcr.io \
    --username <your-katapult-email> \
    --password <your-api-token>

Skopeo

skopeo login kcr.io \
    --username <your-katapult-email> \
    --password <your-api-token>

Buildah

buildah login kcr.io \
    --username <your-katapult-email> \
    --password <your-api-token>

Helm

helm registry login kcr.io \
    --username <your-katapult-email> \
    --password <your-api-token>