Connect a registry

A registry is where agentry stores the images it builds for your apps. Connecting one is a one-time setup that unlocks rollbacks, zero-downtime updates, and moving an app between servers. It takes about two minutes.

Do I need one?

You can deploy without a registry — the build runs and your app goes live. But the image stays only on that one server, so you can't roll back, can't ship an update by reusing an image, and can't move the app to another server. Connect a registry and all of that works. For anything you plan to keep running, do it.

agentry supports:

• GitHub Container Registry (GHCR) — recommended, free for private images on any GitHub account.
• Docker Hub

Your images are pushed to a private repository you own. They're never made public, and they never go to agentry's infrastructure.

Connect GHCR (recommended)

1. Create a token. On GitHub, go to Settings → Developer settings → Personal access tokens → Tokens (classic) and generate a token with the write:packages scope. Copy it.
2. Open the dashboard. Go to Settings → Registry at app.agentry.run/settings/registries.
3. Fill in:
   • Namespace — your GitHub username or organization (images push to ghcr.io/<namespace>/<app>).
   • Username — the GitHub account that owns the token.
   • Token — the write:packages token from step 1.
4. Save. The token is encrypted before it's stored, and it's never shown again or returned by the API.

That's it. Your next deploy pushes its image to ghcr.io/<namespace>/<app>:<timestamp> and it shows up on the Images page.

Connect Docker Hub

Same flow, with a Docker Hub access token instead of a GitHub PAT:

1. Create an access token in Docker Hub (Account Settings → Security → New Access Token).
2. In Settings → Registry, choose Docker Hub and enter your namespace, username, and the token.
3. Save.

How images are named

Each build pushes a uniquely tagged image:

ghcr.io/<your-namespace>/<your-app>:20260613T135400Z

The tag is the build timestamp, so every build is distinct and nothing is ever overwritten. That's what lets you roll back to any past build.

One registry per organization

You connect a single registry for your whole agentry organization; every app's images go there, each under its own repository name. To switch providers or rotate the token, edit the entry in Settings → Registry — leave the token field blank to keep the existing one, or paste a new one to replace it.

Security notes

• The token is encrypted at rest and never echoed back.
• Images push to a private repo. Make sure the repo/namespace isn't set to public on the provider's side.
• A registry token only needs push access (write:packages on GHCR). Don't grant it more than that.

Next

• Images & rollbacks — what the registry makes possible.
• Ship an app — the deploy flow that produces images.