Contact UsGet started

Creating a registry

Written by
Improved by
Updated at May 26, 2025

Any users and service accounts with folder access rights can use the created registry.

You can create a secure registry with autoscanning using a vulnerability scanner.

Note

Scanning Docker images for vulnerabilities is charged.

  1. In the management console, select the folder to create a registry in.

  2. In the list of services, select Container Registry.

  3. Click Create registry.

  4. Specify a name for the registry. The naming requirements are as follows:

    • It must be from 2 to 63 characters long.
    • It may contain lowercase Latin letters, numbers, and hyphens.
    • It must start with a letter and cannot end with a hyphen.

  5. Optionally, under Automatic scanning:

    • Disable Scan Docker images on push to skip scanning of Docker images at their upload to the repository.

    • Disable Scan all Docker images in the registry or set the scanning frequency.

      Warning

      Automatic Docker image scanning makes your registry more secure. The default vulnerability scan settings are consistent with the Yandex Cloud cloud infrastructure security standard.

  6. Optionally, add labels.

  7. Click Create registry.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. Make sure that a registry has not been created in the folder yet:

    yc container registry list

    Result:

    +----+------+-----------+
| ID | NAME | FOLDER ID |
+----+------+-----------+
+----+------+-----------+

    If the folder already contains a registry, see Updating a registry for info on how you can update it.

  2. Create a registry:

    • With automated vulnerability scanning:

      yc container registry create --name my-reg --secure

      Warning

      Automatic Docker image scanning makes your registry more secure. The default vulnerability scan settings are consistent with the Yandex Cloud cloud infrastructure security standard.

    • Without automated vulnerability scanning:

      yc container registry create --name my-reg

    Result:

    done
id: crpd50616s9a********
folder_id: b1g88tflru0e********
name: my-reg
status: ACTIVE
created_at: "2019-01-09T14:34:06.601Z"

    Follow these registry naming requirements:

    • It must be from 2 to 63 characters long.
    • It may contain lowercase Latin letters, numbers, and hyphens.
    • It must start with a letter and cannot end with a hyphen.

    The --name flag is optional. You can create a registry without a name and use its ID to access it. The name field is user-defined. It is used when listing in the Yandex Cloud CLI and not used in the Docker CLI.

  3. Make sure the registry was created:

    yc container registry list

    Result:

    +----------------------+--------+----------------------+
|          ID          |  NAME  |      FOLDER ID       |
+----------------------+--------+----------------------+
| crpd50616s9a******** | my-reg | b1g88tflru0e******** |
+----------------------+--------+----------------------+

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

  1. Include the parameters of the registry you want to create in the configuration file, e.g., a file named example.tf in the ~/cloud-terraform directory:

    resource "yandex_container_registry" "my-reg" {
  name = "my-registry"
  folder_id = "<folder_ID>"
  labels = {
    my-label = "my-label-value"
  }
}

    Where:

    • name: Registry name.
    • folder_id: Folder ID.
    • labels: Labels used.

    For more information about resources you can create with Terraform, see this provider reference.

  2. Check that the configuration file is correct.

    1. Use the command line to go to the directory where you saved the configuration file:

      cd /Users/<username>/cloud-terraform

    2. Run a check using this command:

      terraform plan

      Result:

      Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
...
Note: You did not specify an "-out" parameter to save this plan, so Terraform
cannot guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

  3. Create a registry.

    1. Run this command:

      terraform apply

      Result:

      An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
...
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:

    2. Confirm creation of the registry. To do this, type yes and press Enter:

      Enter a value: yes

      Result:

      yandex_container_registry.default: Creating...
yandex_container_registry.default: Creation complete after 4s [id=crpuljdfqoj3********]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

      This will create a registry named my-registry in the folder.

    3. Check the resources and their settings in the management console.

To create a registry, use the create method for the Registry resource.

Previous
Getting information about a registry access policy
Next
Configuring access to a registry