BestHub
Sign in
Cloud Native 5 min read

How to Use GitHub Container Registry (ghcr.io) for Secure Docker Image Management

This guide explains how GitHub's Container Registry (ghcr.io) works, compares it with Docker Hub, shows how to create a personal access token with the proper scopes, and provides step‑by‑step commands for logging in, pushing images, and integrating the registry into GitHub Actions workflows.

Programmer DD
Programmer DD
Programmer DD
How to Use GitHub Container Registry (ghcr.io) for Secure Docker Image Management

Microsoft acquired GitHub but has kept the platform neutral, continuously adding features such as GitHub Actions and the GitHub Package Registry.

Since the launch of the GitHub Package Registry, hundreds of millions of packages have been downloaded; Docker is the second most popular package manager after npm, and developers increasingly use containers, Kubernetes, and other cloud‑native technologies to manage application lifecycles.

GitHub has introduced a dedicated Container Registry service (GitHub Container Registry) to improve container support in GitHub Packages and to challenge Docker Hub. The service offers both public (free, anonymous pull) and private images (currently free in testing, with future pricing aligned with GitHub Package Registry).

The registry’s domain is ghcr.io, which may remind users of Google’s gcr.io.

Create a Token

1. Click your avatar in the top‑right corner of any GitHub page, then select Settings .

2. In the left sidebar, click Developer settings .

3. Click Personal access tokens in the left sidebar.

4. Click Generate new token .

5. Enter a token name.

6. Select the scopes read:packages (download container images and read metadata), write:packages (upload images and write metadata), and delete:packages (remove images).

Log in to the Registry

Save the created token as an environment variable: export CR_PAT=YOUR_TOKEN Log in to the registry using your GitHub username:

echo $CR_PAT | docker login ghcr.io -u USERNAME --password-stdin
> Login Succeeded

After logging in, you can push private images. You can also replace the registry in GitHub Actions with ghcr.io to enjoy a seamless end‑to‑end experience.

name: ci
on:
  push:
    branches: master
jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Login to GitHub Package Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHCR_TOKEN }}

Future plans for GitHub Container Registry include support for more cloud‑native features such as a Helm chart marketplace and storage for artifact types beyond Docker images.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

Dockerci/cdKubernetesGitHubContainer Registryghcr.io
Programmer DD
Written by

Programmer DD

A tinkering programmer and author of "Spring Cloud Microservices in Action"

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment