We use cookies to understand how people use Depot.
Depot
Sign InGet started
Depot Registry

Depot Registry

The Depot Registry is an OCI-compliant container registry for storing, managing, and distributing container images and artifacts. You can use it with container builds as a lightweight ephemeral store for build output, and as a full primary registry for all your images.

See the quickstart to get started.

How it works

Each Depot organization gets its own registry subdomain:

{orgId}.registry.depot.dev

You can push any image or OCI artifact to any repository name you choose:

docker push {orgId}.registry.depot.dev/your/app:v1

You can also get images into the registry directly from a Depot build by passing --save to depot build. Depot stores the result under a project-scoped repository automatically, no tagging step required.

Depot Registry is backed by a global CDN to distribute layer blobs efficiently, making it significantly faster to pull and push large images regardless of where you're located.

If you want to distribute images across multiple registries, use depot push to copy an image from Depot Registry to another registry. The transfer happens directly from Depot infrastructure to your target registry, skipping your local machine entirely.

You can also use depot pull to download any image from Depot Registry into your local, CI, or production environment.

Registry Explorer

The Registry Explorer in the Depot dashboard lets you browse all your repositories by name. From there you can explore manifests by tag or digest, view artifact metadata and platforms, inspect attestations, and see linked build details for project-scoped images.

Screenshot showing the Depot Registry Explorer with searchable repositories and tag browsing

Use cases

Depot Registry works for a variety of use cases:

Primary registry: Use Depot Registry as your primary container registry for all your images, including ones you're not building with Depot.

Ephemeral build store: Automatically save build output during depot build --save and pull it down wherever you need it.

Local development: Pull images directly to your local machine for testing and development. The global CDN ensures fast downloads regardless of your location.

Cross-environment consistency: Build an image once on Depot, save it to the registry, then promote that same image across development, staging, and production without rebuilding.

OCI artifacts: Store any OCI-compliant artifact, including Helm charts and AI models, not just container images.

Depot CI custom images: Snapshot a Depot CI sandbox with your tools and dependencies pre-installed and store it in the registry. Jobs that use the snapshot skip setup entirely, speeding up your CI. See Build and use custom images.

Working with large images: The global distribution mechanism makes pulling and pushing large images fast. The registry supports artifacts up to 50GB.

Pull-through cache

Depot Registry can proxy pulls from an external registry, caching layers on its CDN so subsequent pulls skip the external hop entirely. Common uses include accelerating CI image pulls, distributing images globally without managing your own CDN, and simplifying access to registries with complex authentication (like Google Artifact Registry).

For configuration details and supported providers, see Pull-through cache.

Authentication and permissions

Depot Registry authenticates with the same token types used across the rest of the Depot platform. All token types provide both push and pull access except for pull tokens, which are read-only. You can use the following types of tokens for registry authentication:

  • User access tokens: Full push and pull permissions for any project in any organization you have access to
  • Project tokens: Full push and pull permissions for the specific project they're associated with
  • Organization tokens: Full push and pull permissions for any repository within the organization
  • Trust relationship tokens: Full push and pull permissions for the project when issued via OIDC trust relationships
  • Pull tokens: Read-only, short-lived access for pulling images only (generated via depot pull-token --project <project-id>)

Authentication for the Docker CLI

To use Depot Registry with Docker CLI tools, authenticate using a Depot token. Set the username to x-token and the password to your chosen token:

docker login {orgId}.registry.depot.dev -u x-token -p <depot-token>

Pricing

Depot Registry is included in all plans. Storage is billed at $0.20/GB/month. There are no charges for data transfer into or out of the registry.

Image retention

By default, images pushed to the Depot Registry are retained for 7 days, after which they are deleted. You can configure retention on a per-repository basis from the repository's settings in the Explorer.

You can choose to retain images by age or by tag count:

By age:

  • 1 day
  • 7 days (default)
  • 14 days
  • 30 days

By tag count:

  • 5 tags
  • 10 tags
  • 25 tags
  • 50 tags
  • 100 tags

Retaining by tag count is useful for reducing storage costs when you care more about keeping the most recent versions than keeping images for a fixed duration.

You can also individually delete images from the Registry Explorer.