Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Setting up an Azure container registry for anonymous (unauthenticated) pull access is an optional feature that allows any user with internet access the ability to pull any content from the registry.
Anonymous pull access is a preview feature, available in the Standard and Premium service tiers. To configure anonymous pull access, update a registry using the Azure CLI (version 2.21.0 or later). To install or upgrade, see Install Azure CLI.
By default, access to pull or push content from an Azure container registry is only available to authenticated users. Enabling anonymous (unauthenticated) pull access makes all registry content publicly available for read (pull) actions. Anonymous pull access can be used in scenarios that do not require user authentication such as distributing public container images.
Warning
Anonymous pull access currently applies to all repositories in the registry. If you manage repository access using repository-scoped tokens, all users may pull from those repositories in a registry enabled for anonymous pull. We recommend deleting tokens when anonymous pull access is enabled.
Users can enable, disable and query the status of anonymous pull access using the Azure CLI. The following examples demonstrate how to enable, disable, and query the status of anonymous pull access.
Update a registry using the az acr update command and pass the --anonymous-pull-enabled
parameter. By default, anonymous pull is disabled in the registry.
az acr update --name myregistry --anonymous-pull-enabled
Important
If you previously authenticated to the registry with Docker credentials, run docker logout
to ensure that you clear the existing credentials before attempting anonymous pull operations. Otherwise, you might see an error message similar to "pull access denied".
Remember to always specify the fully qualified registry name (all lowercase) when using docker login
and tagging images for pushing to your registry. In the examples provided, the fully qualified name is myregistry.azurecr.io
.
If you've previously authenticated to the registry with Docker credentials, run the following command to clear existing credentials or any previous authentication is cleared.
docker logout myregistry.azurecr.io
This will help you to attempt an anonymous pull operation. If you encounter any issues, you might see an error message similar to "pull access denied."
Disable anonymous pull access by setting --anonymous-pull-enabled
to false
.
az acr update --name myregistry --anonymous-pull-enabled false
Users can query the status of "anonymous-pull" using the az acr show command with the --query parameter. Here's an example:
az acr show -n <registry_name> --query anonymousPullEnabled
The command will return a boolean value indicating whether "Anonymous Pull" is enabled (true) or disabled (false). This will streamline the process for users to verify the status of features within ACR.
Events
Mar 17, 11 PM - Mar 21, 11 PM
Join the meetup series to build scalable AI solutions based on real-world use cases with fellow developers and experts.
Register nowTraining
Module
Configure Azure Container Registry for container app deployments - Training
Learn how to create and configure an Azure Container Registry, the process of pushing container images to Azure Container Registry and explore different authentication methods and security features for Azure Container Registry.
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.