Discuss with expertTry it for free
© 2026 Direct Cursus Technology L.L.C.

Creating a remote registry

Written by
Updated at June 29, 2026

Note

You can create a remote registry in any format except binary.

  1. In the management console, select the folder where you want to create a remote registry.

  2. Navigate to Cloud Registry.

  3. In the left-hand panel, select  Registries.

  4. In the top-right corner, click Create registry.

  5. Select the registry format.

  6. In the Registry type field, select Remote.

  7. Select the source type:

    • Public: Public source

      Registry format Public source addresses
      Maven Maven Central
      Gradle Plugin Portal
      Axiom
      Npm Npm
      Docker Docker Hub
      NuGet NuGet
      PyPI PyPI
      PyPI Test

      Note

      The Axiom public source is available on request. To get access to Axiom, create a request to support.

    • Custom: Custom source.

      Specify your custom source address.

  8. Select the authorization type:

    Note

    Authorization is is supported for custom sources and the Docker Hub public source. Docker Hub only supports the Basic authorization type.

    • None: Without authorization.

    • Basic: Authorization by username and password.

    • Bearer: Authorization by Bearer token.

  9. If you selected Basic or Bearer authorization:

    1. Create a Yandex Lockbox secret. Under Key, specify value. In the Value field, specify the following:

      • Password, if using Basic authorization.
      • Bearer token, if using Bearer authorization.

    2. Grant access to the contents of the secret to the Cloud Registry service agent by assigning it the lockbox.payloadViewer role for this secret.

      Currently, you can only grant this access using the Yandex Cloud CLI command by specifying the ID of the Yandex Lockbox secret containing the password or Bearer token and the ID of the cloud you are creating the registry in:

      yc lockbox secret add-access-binding \
  --id <secret_ID> \
  --role lockbox.payloadViewer \
  --agent cloud-registry:data-plane \
  --cloud-id <cloud_ID>

    3. In the registry settings, specify the username (if using Basic authorization) and the ID of the Yandex Lockbox secret you created.

  10. Enter a name and description for the registry.

  11. Add labels in key: value format.

  12. Click Create.

To create a remote registry, run this command:

yc cloud-registry registry create \
  --name <registry_name> \
  --description <registry_description> \
  --registry-kind <registry_format> \
  --registry-type remote \
  --properties <registry_properties>

Where:

  • --name: Registry name.

  • --description: Registry description.

  • --registry-kind: Registry format. Available formats: maven, npm, docker, nuget, and pypi.

  • --registry-type: Registry type.

  • --properties: Registry properties. Provide them as a string in name1=value1,name2=value2 format. The available properties for remote registries are as follows:

    • source: Source registry. You can specify a public source or a custom one. Available public sources:

      Registry format Public source addresses
      maven @maven-central
      @gradle-plugin-portal
      @axiom
      npm @npmjs
      docker @docker-hub
      nuget @nuget
      pypi @pypi
      @pypi-test

      Note

      The @axiom public source is available on request. To get access to @axiom, create a request to support.

    • authorizationType: Authorization type. Available authorization types: none, basic, and bearer. The default value is none.

      Note

      Authorization is supported for custom sources and the @docker-hub public source. @docker-hub only supports the basic authorization type.

      If you selected basic or bearer authorizationType:

      1. Create a Yandex Lockbox secret. Set the key parameter to value and define the key value as follows:

        • Enter the password if authorizationType is set to basic.
        • Specify the bearer token if authorizationType is set to bearer.

      2. Grant access to the contents of the secret to the Cloud Registry service agent by assigning it the lockbox.payloadViewer role for this secret.

        Run the command below, specifying the ID of the Yandex Lockbox secret containing the password or bearer token and the ID of the cloud you are creating the registry in:

        yc lockbox secret add-access-binding \
  --id <secret_ID> \
  --role lockbox.payloadViewer \
  --agent cloud-registry:data-plane \
  --cloud-id <cloud_ID>

    • authorizationSecretId: ID of the user secret that stores the password or bearer token. It is required if authorizationType is set to basic or bearer.

    • authorizationUsername: Username. It is required if authorizationType is basic.

Result:

done (3s)
id: cn1fsnc2dak********
folder_id: b1gc1t4cb638********
name: my-first-registry
kind: DOCKER
type: REMOTE
status: ACTIVE
description: docker
created_at: "2024-11-30T16:11:12.901356Z"
modified_at: "2024-11-30T16:11:16.243323Z"

To create a remote registry, use the create REST API method for the Registry resource or the RegistryService/Create gRPC API call.

In the type field, specify REMOTE.

Previous
Local
Next
Virtual