How Capital One Migrated Its Docker Registry to Artifactory: A Practical Operations Case Study

Background

Capital One is a US digital bank with extensive DevOps experience. Its open‑source DevOps dashboard Hygieia is widely used. At a JFrog user conference, Capital One’s operations expert Wayne explained why and how they migrated their open‑source Docker registry to JFrog Artifactory.

Docker Registry at Capital One

Capital One runs thousands of containers and built an internal Docker registry using an open‑source solution, an AngularJS UI, and MongoDB to store metadata, supporting 180,000 images and 50 TB of data.

As usage grew, the open‑source registry became unstable and struggled with multi‑region replication, prompting the need for a more reliable solution.

Evaluation of Registry Solutions

The team evaluated three options: JFrog Artifactory, Amazon ECR, and Harbor. They defined functional requirements such as cloud‑native support, high availability, self‑service capabilities, API automation, and ease of integration with existing workflows.

Cloud‑native support – Deployable in cloud environments, reuse of services like S3, load balancers, databases, and high‑concurrency handling.

Auto‑scaling & support – Easy developer support, familiar tools, on‑demand scaling, and integration with CI/CD pipelines.

Self‑service – Developers can request Docker repositories without admin intervention, with API‑driven automation.

Comparison Results

Cloud‑native support – Artifactory offers strong cloud deployment; ECR and Harbor support S3 storage.

High availability – Artifactory and ECR provide HA; Artifactory adds global replication, while Harbor requires manual setup.

Familiarity – Artifactory and ECR are well‑known in North America; Harbor has limited adoption.

Integration with existing processes – Capital One already uses Artifactory for Maven/NPM, making integration straightforward.

Self‑service & API – Artifactory is adding non‑admin user creation; ECR’s permission model is most permissive.

Decision and Implementation

Capital One selected Artifactory as its Docker registry. They built an internal self‑service system on top of Artifactory’s API and exposed endpoints for Jenkins jobs.

Data Migration

A large local Docker repository was created in Artifactory to aggregate all previous images. Virtual repositories were used to unify access, and per‑team namespaces provided permission isolation.

Migration scripts performed recursive pull from the old registry and push to Artifactory. For images larger than 2 GB, Nginx’s

proxy_max_temp_file_size

was increased to avoid push failures.

Performance Testing

The new Artifactory cluster runs on eight nodes with SSD caching, reducing pressure on backend S3 storage and supporting higher concurrent pulls. Load tests showed satisfactory performance compared with the three‑node open‑source registry.

Production Rollout

After testing, the service was announced to developers via Slack, and DNS was switched from the old registry to the Artifactory cluster. Teams can now request Docker registry services themselves.

Current Status

Artifactory now hosts over 9 million Docker images (115 TB), serving more than 10,000 developers worldwide. The platform uses Clair for vulnerability scanning and plans to adopt JFrog Xray.