Container Registry

Namespace maintains nscr.io - a fully managed container image registry that is deeply integrated with the rest of the platform. It is built atop the same technology as our high-performance artifact storage.

Learn how to use the container registry

Fine-grained Access Control

Images pushed to nscr.io are shared with your workspace by default, allowing for frictionless collaboration. Namespace supports fine-grained access controls, allowing you to flexibly restrict or grant image access. Learn more about RBAC support under workspace access controls.

If you need to make an image from nscr.io publicly available, please reach out to our support.

Expiration policy

Container images stored in nscr.io can be associated with an expiration policy. Once an image shows no access for a prolonged time, it is automatically removed. This feature enables ephemeral container images, ideal for testing workflows.

Programmatic Access

You can access the Container Registry directly through HTTP calls. To authorize incoming traffic, it employs Basic access authentication. The expected username is token, while the password is a workspace access token. That is, the registry expects an Authorization header with the content Basic base64(token:access_token). You can generate an access token using our CLI:

$ nsc auth generate-dev-token

Multi-cloud distribution

Namespace is highly invested in accelerating workflows that involve container images. Enterprise customers can automatically have their container images distributed from nscr.io to other cloud providers. Reach out to set up a registry sink.