Skip to main content
Version: 2026.03

Docker Pull Secret

The Istari Platform and its dependencies (Zitadel, SpiceDB) require a docker pull secret to pull container images from the Istari Digital Artifactory. The docker pull secret should be created in the Kubernetes cluster before installing any of these components.

ISTARI_ARTIFACTORY_USERNAME=
ISTARI_ARTIFACTORY_PASSWORD=
kubectl create secret docker-registry docker-pull-secret \
  --docker-server="istaridigital.jfrog.io" \
  --docker-email="${ISTARI_ARTIFACTORY_USERNAME}" \
  --docker-username="${ISTARI_ARTIFACTORY_USERNAME}" \
  --docker-password="${ISTARI_ARTIFACTORY_PASSWORD}"
info

Make sure to to set the env vars ISTARI_ARTIFACTORY_USERNAME and ISTARI_ARTIFACTORY_PASSWORD with your actual credentials for the Istari Digital Artifactory.

Alternatively, if using a private repository, customers will need to create a Docker registry secret in Kubernetes for the custom container registry (e.g., a private repository on Docker Hub, GitHub Container Registry, ECR, Harbor, etc.).

DOCKER_SERVER=
DOCKER_USERNAME=
DOCKER_PASSWORD=
kubectl create secret docker-registry docker-pull-secret \
  --docker-server="${DOCKER_SERVER}" \
  --docker-email="${DOCKER_USERNAME}" \
  --docker-username="${DOCKER_USERNAME}" \
  --docker-password="${DOCKER_PASSWORD}"

Verify that the secret was created successfully:

kubectl describe secret docker-pull-secret