Sign in
Just like with docker login, the policy CLI requires you to sign in to an OCIv2-compliant registry.
echo $PAT | policy login -s <server> -u <username> --password-stdin
Options
-s <server>: container registry address
-u <username>: username / account
-p <password>: password or a PAT
--password-stdin: read the password from stdin
AWS Elastic Container Registry
AWS ECR credentials to authenticate can be obtained using the AWS CLI command aws ecr get-login-password.
aws ecr get-login-password |policy login -s <org>.dkr.ecr.<region>.amazonaws.com -u AWS --password-stdin
Create a new policy repository:
aws ecr create-repository --repository-name <my-policy-name>
This will return a URI to push policy images to.
GitHub Container Registry
To sign in to the ghcr.io registry, use your GitHub account, and a GitHub personal access token (PAT) as your password which contains the appropriate scopes - for example, repo (required), read:org (for organizations), write:packages, and delete:packages.
echo $PAT | policy login -s ghcr.io -u <username> --password-stdin
You can create a GitHub PAT on this page.
Docker Hub
You can use your password or a PAT to login to Docker Hub:
echo $PAT | policy login -s registry-1.docker.io -u <username> --password-stdin
Google Container Registry
Follow the steps to authenticate to GCP here.
For example, create a JSON key file for a service account using the following command:
gcloud iam service-accounts keys create keyfile.json --iam-account [NAME]@[PROJECT_ID].iam.gserviceaccount.com
Then login using policy the same way you would login to docker:
cat KEY-FILE | policy login -s gcr.io -u _json_key --password-stdin
Open Policy Registry
This assumes that you've created an Open Policy Registry account using your GitHub account.
To sign in to the Open Policy Registry, use the GitHub account you registered with, and a GitHub personal access token (PAT) as your password.
You can create a GitHub PAT on this page.
echo $PAT | policy login -s opcr.io -u <GitHub-account> --password-stdin