Skill

managing-container-registries

Manages container registries including Docker Hub, AWS ECR, GCP Artifact Registry, Azure ACR; automates tagging, lifecycle policies, replication, scanning, and access control.

Docker

Kubernetes

npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin container-registry-manager

Tool Access

This skill is limited to using the following tools:

ReadWriteEditGrepGlobBash(docker:*)Bash(kubectl:*)

Preview

Manage container registries across Docker Hub, AWS ECR, GCP Artifact Registry, Azure ACR, and self-hosted registries (Harbor, Nexus). Automate image tagging, lifecycle policies, cross-region replication, vulnerability scanning integration, and access control for container image storage and distribution.

Supporting Assets

assets/README.mdreferences/README.mdscripts/README.md

SKILL.md

Similar Skills

setup-container-registry

Configures container registries like GHCR, Docker Hub, Harbor with scanning, tagging, retention policies, and CI/CD. Use for private setups, Docker Hub migrations, vuln scanning, multi-arch images, signing, cleanup.

1 file1 tool

agent-almanac

container-image-tagging

Recommends full git SHA tagging for Docker images to enable instant code traceability in production incidents. Covers OCI labels, registry retention policies, and pitfalls of latest, date, or env tags.

2 files

cloud-foundation-principles

container-development

Develops secure Docker containers with multi-stage builds, non-root users, minimal Alpine/slim images, Skaffold workflows, and 12-factor principles. For Dockerfiles, container security, and orchestration.

1 file9 tools

container-plugin

Stats

Parent Repo Stars2148

Parent Repo Forks287

Last CommitApr 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Managing Container Registries

Overview

Prerequisites

Docker CLI installed and authenticated to the target registry
Cloud provider CLI (aws, gcloud, az) for managed registries
Registry credentials configured (docker login or credential helpers)
Understanding of image naming conventions (registry/namespace/image:tag)
IAM permissions for registry operations (push, pull, delete, admin)

Instructions

Identify the target registry type: ECR, Artifact Registry, ACR, Docker Hub, or self-hosted
Configure authentication: set up credential helpers for automated access (docker-credential-ecr-login, gcloud auth configure-docker)
Define image naming and tagging strategy: use semantic versioning for releases, git SHA for CI builds, latest only for development
Create repository/namespace structure organized by team, application, or environment
Configure lifecycle policies to auto-delete untagged images and images older than retention threshold (e.g., keep last 10 tagged images, delete untagged after 7 days)
Set up vulnerability scanning: enable automatic scanning on push (ECR scan-on-push, GCP Container Analysis)
Configure cross-region replication for disaster recovery and latency reduction
Implement access control: read-only for CI pull, push access for CI build agents, admin for operators
Generate Terraform/IaC for registry infrastructure and policies

Output

Terraform/CloudFormation for registry creation with lifecycle and replication policies
Docker credential helper configuration scripts
CI/CD pipeline steps for building, tagging, and pushing images
Lifecycle policy JSON (ECR) or cleanup scripts (Docker Hub, Harbor)
RBAC configurations for registry access control

Error Handling

Error	Cause	Solution
`denied: requested access to the resource is denied`	Missing push/pull permissions or expired token	Re-authenticate with `docker login` or refresh credential helper; verify IAM policies
`manifest unknown: manifest unknown`	Image tag does not exist in the registry	Verify image name and tag; check if lifecycle policy deleted the image
`no space left on device` during push	Registry storage quota exceeded	Increase quota, run lifecycle cleanup, or delete unused images
`unauthorized: authentication required`	Credential helper not configured or token expired	Set up credential helper (`aws ecr get-login-password`, `gcloud auth configure-docker`)
`toomanyrequests: rate limit exceeded`	Docker Hub pull rate limit hit	Use authenticated pulls, mirror images to private registry, or upgrade Docker Hub plan

Examples

"Set up an AWS ECR repository with scan-on-push enabled, lifecycle policy to keep last 20 tagged images, and cross-region replication to us-west-2."
"Configure GCP Artifact Registry with Docker credential helper and a cleanup policy for images not pulled in 90 days."
"Create a CI pipeline step that builds a Docker image, tags it with the git SHA and latest, pushes to ECR, and fails if Critical vulnerabilities are found."

Resources

AWS ECR: https://docs.aws.amazon.com/AmazonECR/latest/userguide/
GCP Artifact Registry: https://cloud.google.com/artifact-registry/docs
Azure ACR: https://learn.microsoft.com/en-us/azure/container-registry/
Harbor registry: https://goharbor.io/docs/
Docker Hub: https://docs.docker.com/docker-hub/