Image Pull Secrets
Image pull secrets store container registry credentials, allowing Agent Cloud to pull images from private registries.
Create Image Pull Secret
Create an image pull secret for private container registries.
Usage
videosdk agent image-pull-secret [OPTIONS] NAME
Arguments
| Argument | Required | Description |
|---|---|---|
name | Yes | Name for the image pull secret |
Options
| Option | Short | Required | Description | Default |
|---|---|---|---|---|
--region | No | Region for storing the secret | None | |
--server | Yes | Registry server URL | — | |
--username | -u | Yes | Registry username | — |
--password | -p | Yes | Registry password or access token | — |
note
--username and --password are container registry credentials, not your VideoSDK login or cloud console password.
Obtaining Registry Credentials
Depending on your registry provider, follow the steps below to get the correct username and password:
AWS Elastic Container Registry (ECR)
- Account ID & Region: Your server URL will be
<account-id>.dkr.ecr.<region>.amazonaws.com. - Username: Always use
AWS. - Password: Generate a temporary token using the AWS CLI:
aws ecr get-login-password --region <your-region>
Azure Container Registry (ACR)
- Username: Use the Registry Name (found in Azure Portal > ACR > Access Keys).
- Password: Enable the Admin user in ACR settings and use one of the generated passwords.
- Alternatively, use a Service Principal Application ID as the username and its Secret as the password.
Google Container Registry (GCR) / Artifact Registry
- Username: Always use
_json_key. - Password: The content of your Service Account JSON key file.
# Example usage
-p "$(cat keyfile.json)"
Docker Hub
- Username: Your Docker Hub username.
- Password: Use a Personal Access Token (PAT) instead of your account password.
- Go to Account Settings > Security > New Access Token.
GitHub Container Registry (GHCR)
- Username: Your GitHub username.
- Password: A Personal Access Token (classic) with
read:packagesscope.
What Happens
- The CLI validates the required registry details provided via flags.
- Credentials are securely stored and can be referenced in deployments using the
--image-pull-secretflag.
Examples
# ECR (AWS)
videosdk agent image-pull-secret my-ecr-secret \
--server 1234567890.dkr.ecr.ap-south-1.amazonaws.com \
-u AWS \
-p $(aws ecr get-login-password --region ap-south-1)
# ACR (Azure)
videosdk agent image-pull-secret my-acr-secret \
--server myregistry.azurecr.io \
-u myusername \
-p mypassword
# GCR (GCP)
videosdk agent image-pull-secret my-gcr-secret \
--server https://gcr.io \
-u _json_key \
-p "$(cat keyfile.json)"
# Docker Hub
videosdk agent image-pull-secret my-dockerhub-secret \
--server https://index.docker.io/v1/ \
-u myusername \
-p mypassword
Using Image Pull Secrets in Deployments
Once you've created an image pull secret, you can reference it when deploying your agent:
videosdk agent deploy --image ghcr.io/myorg/myagent:v1 --image-pull-secret ghcr-secret
Next Steps: Registry-Specific Guides
Follow these step-by-step guides for building, pushing, and deploying agents from popular registries to VideoSDK Cloud:
Got a Question? 
Ask us on discord
