Skip to content

Clarify proxy registry token endpoint behavior #3784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AmberAlston merged 2 commits into from
Jan 22, 2026
Merged

Clarify proxy registry token endpoint behavior #3784

AmberAlston merged 2 commits into from
Jan 22, 2026

Conversation

@AmberAlston
Copy link
Member

@AmberAlston AmberAlston commented Jan 22, 2026
edited
Loading

Summary

Adds clarifying note to the custom domains documentation explaining that /v2/token authentication endpoints are expected behavior for the Docker Registry v2 API.

Context

A customer was confused and concerned when they saw JWT tokens in whitelabeled registry URLs like:

https://registry.vendorcompany.com/v2/token?service=registry.vendorcompany.com

This is actually harmless anonymous token behavior that is standard for Docker registries to allow pulling public images.

Changes

  • Added a note to the proxy registry section in docs/vendor/custom-domains.md explaining:
    • /v2/token endpoints are part of standard Docker Registry v2 API
    • Token requests are expected behavior
    • Tokens are anonymous for public images and do not contain sensitive information

Test plan

  • Review documentation for clarity and accuracy
  • Verify note formatting renders correctly
  • Confirm placement makes sense in document flow

🤖 Generated with Claude Code

@AmberAlston @claude
Clarify proxy registry token endpoint behavior
550b926 
Add note to custom domains documentation explaining that /v2/token
authentication endpoints are expected behavior for the Docker Registry
v2 API. This helps customers understand that anonymous tokens appearing
in whitelabeled registry URLs are standard Docker registry behavior and
not a security concern.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@netlify
Copy link

netlify bot commented Jan 22, 2026
edited
Loading

Deploy Preview for replicated-docs ready!

Name Link
🔨 Latest commit a639488
🔍 Latest deploy log https://app.netlify.com/projects/replicated-docs/deploys/6972a96515af2f000854e233
😎 Deploy Preview https://deploy-preview-3784--replicated-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Jan 22, 2026
edited
Loading

Deploy Preview for replicated-docs-upgrade ready!

Name Link
🔨 Latest commit a639488
🔍 Latest deploy log https://app.netlify.com/projects/replicated-docs-upgrade/deploys/6972a965251ced00086b1810
😎 Deploy Preview https://deploy-preview-3784--replicated-docs-upgrade.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@replicated-ci replicated-ci added type::docs Improvements or additions to documentation type::feature labels Jan 22, 2026
paigecalvert
paigecalvert reviewed Jan 22, 2026
View reviewed changes
docs/vendor/custom-domains.md
- **Proxy registry:** Images can be proxied from external private registries using the Replicated proxy registry. By default, the proxy registry uses the domain `proxy.replicated.com`. Replicated recommends using a CNAME such as `proxy.{your app name}.com`.

:::note
The default location for the image used by the Replicated SDK Helm chart is `proxy.replicated.com/library/replicated-sdk-image`. When you configure a custom domain for the Replicated proxy registry, the SDK is pulled from that custom domain. For more information about the Replicated SDK, see [About the Replicated SDK](/vendor/replicated-sdk-overview).
Copy link
Contributor

@paigecalvert paigecalvert Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did a little reworking to make sure the info in this note was fully captured over under Use a Custom Domain for the Replicated SDK Image in Using Custom Domains. My goal was to avoid doubling up on notes. (After looking at it again, this SDK image note didn't really need to be over here anyway)

Copy link
Member Author

@AmberAlston AmberAlston Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@AmberAlston AmberAlston marked this pull request as ready for review January 22, 2026 22:54
@AmberAlston AmberAlston requested a review from a team as a code owner January 22, 2026 22:54
@AmberAlston AmberAlston merged commit d242c92 into main Jan 22, 2026
4 checks passed
@AmberAlston AmberAlston deleted the clarify-proxy-registry-token-endpoint branch January 22, 2026 22:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paigecalvert paigecalvert paigecalvert approved these changes

Assignees

No one assigned

Labels

type::docs Improvements or additions to documentation type::feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@AmberAlston @paigecalvert @replicated-ci