Skillshub managing-container-registries
install
source · Clone the upstream repo
git clone https://github.com/ComeOnOliver/skillshub
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ComeOnOliver/skillshub "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/jeremylongshore/claude-code-plugins-plus-skills/managing-container-registries" ~/.claude/skills/comeonoliver-skillshub-managing-container-registries-fb0b07 && rm -rf "$T"
manifest:
skills/jeremylongshore/claude-code-plugins-plus-skills/managing-container-registries/SKILL.mdsource content
Managing Container Registries
Overview
Manage container registries across Docker Hub, AWS ECR, GCP Artifact Registry, Azure ACR, and self-hosted registries (Harbor, Nexus). Automate image tagging, lifecycle policies, cross-region replication, vulnerability scanning integration, and access control for container image storage and distribution.
Prerequisites
- Docker CLI installed and authenticated to the target registry
- Cloud provider CLI (
,aws
,gcloud
) for managed registriesaz - Registry credentials configured (
or credential helpers)docker login - Understanding of image naming conventions (registry/namespace/image:tag)
- IAM permissions for registry operations (push, pull, delete, admin)
Instructions
- Identify the target registry type: ECR, Artifact Registry, ACR, Docker Hub, or self-hosted
- Configure authentication: set up credential helpers for automated access (
,docker-credential-ecr-login
)gcloud auth configure-docker - Define image naming and tagging strategy: use semantic versioning for releases, git SHA for CI builds,
only for developmentlatest - Create repository/namespace structure organized by team, application, or environment
- Configure lifecycle policies to auto-delete untagged images and images older than retention threshold (e.g., keep last 10 tagged images, delete untagged after 7 days)
- Set up vulnerability scanning: enable automatic scanning on push (ECR scan-on-push, GCP Container Analysis)
- Configure cross-region replication for disaster recovery and latency reduction
- Implement access control: read-only for CI pull, push access for CI build agents, admin for operators
- Generate Terraform/IaC for registry infrastructure and policies
Output
- Terraform/CloudFormation for registry creation with lifecycle and replication policies
- Docker credential helper configuration scripts
- CI/CD pipeline steps for building, tagging, and pushing images
- Lifecycle policy JSON (ECR) or cleanup scripts (Docker Hub, Harbor)
- RBAC configurations for registry access control
Error Handling
| Error | Cause | Solution |
|---|---|---|
| Missing push/pull permissions or expired token | Re-authenticate with |
| Image tag does not exist in the registry | Verify image name and tag; check if lifecycle policy deleted the image |
| Registry storage quota exceeded | Increase quota, run lifecycle cleanup, or delete unused images |
| Credential helper not configured or token expired | Set up credential helper ( |
| Docker Hub pull rate limit hit | Use authenticated pulls, mirror images to private registry, or upgrade Docker Hub plan |
Examples
- "Set up an AWS ECR repository with scan-on-push enabled, lifecycle policy to keep last 20 tagged images, and cross-region replication to us-west-2."
- "Configure GCP Artifact Registry with Docker credential helper and a cleanup policy for images not pulled in 90 days."
- "Create a CI pipeline step that builds a Docker image, tags it with the git SHA and
, pushes to ECR, and fails if Critical vulnerabilities are found."latest
Resources
- AWS ECR: https://docs.aws.amazon.com/AmazonECR/latest/userguide/
- GCP Artifact Registry: https://cloud.google.com/artifact-registry/docs
- Azure ACR: https://learn.microsoft.com/en-us/azure/container-registry/
- Harbor registry: https://goharbor.io/docs/
- Docker Hub: https://docs.docker.com/docker-hub/