Deployment account for container registry

Description

I would like to use docker images build by CI for deployments without using my personal credentials.

Proposal

Read only service account similar to deployment keys or access token would be nice

If you use gitlabCI for deployment, you could:

- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.example.com

That allows me to push to Gitlab registry after building an image. But then when I'm want to deploy it to some remote box I need to authenticate as my self, rather than use service user.

Ho you get 403 when using this to docker pull images?

I don't do this as part of CI pipeline, but on remote server where I need to set my personal credentials rather than deployment like style.

If I would not use my personal credentials (on prod box that is also used by others) I can not pull any image.

I have the same problem. Create a user just for be able to login is not a good practise :(

@markglenfletcher can this please be marked as feature proposal?

added ~19173 container registry feature proposal labels

Closing in favor of https://gitlab.com/gitlab-org/gitlab-ce/issues/19219 which is slated for 9.3!

closed