Skip to main content

Sign in

Just like with docker login, the policy CLI requires you to sign in to an OCIv2-compliant registry.

echo $PAT | policy login -s <server> -u <username> --password-stdin


-s <server>: container registry address

-u <username>: username / account

-p <password>: password or a PAT

--password-stdin: read the password from stdin

AWS Elastic Container Registry

AWS ECR credentials to authenticate can be obtained using the AWS CLI command aws ecr get-login-password.

aws ecr get-login-password |policy login -s <org>.dkr.ecr.<region> -u AWS --password-stdin

Create a new policy repository:

aws ecr create-repository --repository-name <my-policy-name>

This will return a URI to push policy images to.

GitHub Container Registry

To sign in to the registry, use your GitHub account, and a GitHub personal access token (PAT) as your password which contains the appropriate scopes - for example, repo (required), read:org (for organizations), write:packages, and delete:packages.

echo $PAT | policy login -s -u <username> --password-stdin

You can create a GitHub PAT on this page.

Docker Hub

You can use your password or a PAT to login to Docker Hub:

echo $PAT | policy login -s -u <username> --password-stdin

Google Container Registry

Follow the steps to authenticate to GCP here.

For example, create a JSON key file for a service account using the following command:

gcloud iam service-accounts keys create keyfile.json --iam-account [NAME]@[PROJECT_ID]

Then login using policy the same way you would login to docker:

cat KEY-FILE | policy login -s -u _json_key --password-stdin 

Open Policy Registry


This assumes that you've created an Open Policy Registry account using your GitHub account.

To sign in to the Open Policy Registry, use the GitHub account you registered with, and a GitHub personal access token (PAT) as your password.


You can create a GitHub PAT on this page.

echo $PAT | policy login -s -u <GitHub-account> --password-stdin