Skip to main content
Version: 1.x

OCI Registries

The wasmCloud host supports pulling images for components and providers from OCI (Open Container Initiative) registries.

Allowing Insecure Access to a Registry

By default wasmCloud will pull all images from a registry over HTTPS. If you need to pull images from a registry that does not have a valid certificate, you can allow wasmCloud to pull images from that registry by setting the WASMCLOUD_OCI_ALLOWED_INSECURE environment variable. For example:

shell
export WASMCLOUD_OCI_ALLOWED_INSECURE='myregistry.example.com'
wash up

You may also include multiple registries in a comma-separated list.

Configuring Access to a Private Registry

In production environments, it's common to pull artifacts from a private registry. wasmCloud hosts can configured to authenticate with a private registry using host configuration. For example, the following environment variables can be used to authenticate to the registry specified with the WASMCLOUD_OCI_REGISTRY option:

shell
export WASMCLOUD_OCI_REGISTRY_USER='myuser'
export WASMCLOUD_OCI_REGISTRY_PASSWORD='myp4$$w0rd'
wash up

Working with Multiple Registries

Sometimes it's necessary to pull artifacts from multiple private registries. In this case, a config service can be used to provide supplemental configuration, including credentials for multiple OCI registries.