Image Pull Secrets
Image pull secrets store container registry credentials, allowing Agent Cloud to pull images from private registries.
Create Image Pull Secret
Create an image pull secret for private container registries.
Usage
videosdk agent image-pull-secret <name> [OPTIONS]
Arguments
| Argument | Required | Description |
|---|---|---|
name | Yes | Name for the image pull secret |
Options
| Option | Short | Required | Description | Default |
|---|---|---|---|---|
--server | Yes | Registry server URL | — | |
--username | -u | Yes | Registry username | — |
--password | -p | Yes | Registry password or access token | — |
--region | No | Deployment region for the secret | us002 |
note
--username and --password are container registry credentials, not your VideoSDK login or cloud console password.
Obtaining Registry Credentials
Depending on your registry provider, follow the steps below to get the correct username and password:
AWS Elastic Container Registry (ECR)
- Account ID & Region: Your server URL will be
<account-id>.dkr.ecr.<region>.amazonaws.com. - Username: Always use
AWS. - Password: Generate a temporary token using the AWS CLI:
aws ecr get-login-password --region <your-region>
Azure Container Registry (ACR)
- Username: Use the Registry Name (found in Azure Portal > ACR > Access Keys).
- Password: Enable the Admin user in ACR settings and use one of the generated passwords.
- Alternatively, use a Service Principal Application ID as the username and its Secret as the password.
Google Artifact Registry (GAR)
- Server URL:
<REGION>-docker.pkg.dev - Username: Always use
_json_key. - Password: The content of your Service Account JSON key file.
# Example usage
-p "$(cat keyfile.json)" - Permissions: Ensure the service account has the
Artifact Registry Readerrole.
Docker Hub
- Username: Your Docker Hub username.
- Password: Use a Personal Access Token (PAT) instead of your account password.
- Go to Account Settings > Security > New Access Token.
GitHub Container Registry (GHCR)
- Username: Your GitHub username.
- Password: A Personal Access Token (classic) with
read:packagesscope.
What Happens
- The CLI validates the required registry details provided via flags.
- Credentials are securely stored on VideoSDK Cloud.
- Automatic Configuration: The CLI prompts you to save the secret to your
videosdk.yamlfile. If confirmed, the secret name is automatically added under thesecretssection.
Example Output
✓ Image pull secret 'my-registry-secret' created successfully
Do you want to add this secret to videosdk.yaml? [y/N]: y
✓ Secret Name saved to videosdk.yaml: my-registry-secret
videosdk.yaml Structure
secrets:
image-pull: my-registry-secret
Examples
# ECR (AWS)
videosdk agent image-pull-secret my-ecr-secret \
--server 1234567890.dkr.ecr.ap-south-1.amazonaws.com \
-u AWS \
-p $(aws ecr get-login-password --region ap-south-1)
# ACR (Azure)
videosdk agent image-pull-secret my-acr-secret \
--server myregistry.azurecr.io \
-u myusername \
-p mypassword
# Google Artifact Registry (GAR)
videosdk agent image-pull-secret my-gcr-secret \
--server https://<REGION>-docker.pkg.dev \
-u _json_key \
-p "$(cat keyfile.json)" \
--region us002
# Docker Hub
videosdk agent image-pull-secret my-dockerhub-secret \
--server https://index.docker.io/v1/ \
-u myusername \
-p mypassword \
--region us002
Using Image Pull Secrets in Deployments
Once you've created an image pull secret, you can reference it when deploying your agent:
videosdk agent deploy --image ghcr.io/myorg/myagent:v1 --image-pull-secret ghcr-secret
Next Steps: Registry-Specific Guides
Follow these step-by-step guides for building, pushing, and deploying agents from popular registries to VideoSDK Cloud:
Got a Question? 
Ask us on discord
