Private registry over TLS with password authentication

Open tesence opened this issue 7 months ago • 2 comments

Hello,

I'm currently trying to connect Ratify to a private Artifactory instance that supports TLS and requires a user/password authentication.

According to the existing issues, custom CA support is planned for v2 (https://github.com/notaryproject/ratify/issues/1106). I just wanted to make sure that, today, we are not able to connect Ratify to a private image registry over TLS (even considering some workarounds)?

Additionally, I can't seem to find info about potential user/password authentication support. Is that something Ratify currently supports?

Thank you in advance

tesence, Jul 04 '25 14:07

Hi @tesence, thanks for your question!

TLS Certificates: Ratify V1 currently does not support custom TLS certificates, and there's no workaround at the moment unless the feature is added. That said, we're actively developing Ratify V2, which will support custom TLS.

Authentication: For username/password authentication, Ratify V1 supports it via Kubernetes secrets. You can find setup instructions here: https://ratify.dev/docs/next/plugins/store/oras#kubernetes-secrets. In Ratify V2, plain username/password can already be provided directly through the CR, and support for Kubernetes secrets is also planned.

binbin-li, Jul 11 '25 06:07

btw, we have supported this feature in v2 dev version: https://github.com/notaryproject/ratify/pull/2355

binbin-li, Jul 25 '25 08:07