The Minimus container registry is located at: reg.mini.dev. An active token is required to pull images from the Minimus registry. With an active token, you can pull any of the Minimus images included in your subscription (or available without a subscription). A token is a type of secret so, like with all secrets, you should ensure that the token isn’t stored where it can be leaked.

Inline token

As a shortcut, you can insert the token directly in the pull/run command. This approach works well for ad-hoc testing. 
docker pull reg.mini.dev/{token}/{image name}
# reg.mini.dev is the minimus registry
When you copy the pull command from the gallery, it will contain an inline token.

Docker login command (direct authentication)

Authenticate to the Minimus registry using the docker login command to keep your session active until the token expires. This way you will not need to use an inline token. 
docker login reg.mini.dev -u minimus -p {your minimus token}
# The username is always minimus
Once authenticated to the Minimus registry, you can pull any image included in your subscription (and any image tag that doesn’t require a subscription). For example: 
docker pull reg.mini.dev/nginx:latest
docker pull reg.mini.dev/nginx:latest-dev
Once your token expires, you will need to run docker login again with an active token to continue working. A valid inline token will not work since docker login takes priority.
You can run docker logout reg.mini.dev to reset your access if you prefer to work with an inline token.

Using a credential store

You have the option to use a credential store for additional security. Learn more from Docker

Kubernetes secret

It is important to avoid embedding tokens in Kubernetes YAML files or values.yaml for Helm charts. Instead, we can create a Kubernetes Secret in the same namespace of a deployment. Here we name the secret minimus-registry to align with the values.yaml files in the Minimus Helm charts. 
kubectl create secret docker-registry minimus-registry \
    --docker-server=reg.mini.dev \
    --docker-username=minimus \
    --docker-password={minimus token} \
    --namespace={same namespace as your helm chart}
To deploy Minimus images to a Kubernetes cluster, we can add the ImagePullSecrets parameter to point to the minimus-registry secret: 
    spec:
      containers:
      - name: nginx
        image: reg.mini.dev/nginx:1.29.0
        
# add the next two lines
      imagePullSecrets:
      - name: minimus-registry

Using an encoded file

After logging in using the docker login steps above, we can create an encoded config.json file locally with the value necessary to generate the Kubernetes Secret.
  1. Login to reg.mini.dev using the steps above.
  2. Execute cat ~/.docker/config.json | base64 -w 0 to base64 encode the credentials.
  3. Create a Kubernetes YAML file, minimus-registry.yaml 
    apiVersion: v1
kind: Secret
metadata:
  name: minimus-registry
data:
  .dockerconfigjson: {paste your base64 encoded string}
type: kubernetes.io/dockerconfigjson
  4. Execute kubectl -n {namespace} -f minimus-registry.yaml to create the secret in the application namespace.
  5. Add the ImagePullSecret parameter to your deployment by changing the spec as shown in the snippet below and redeploy: 
        spec:
      containers:
      - name: nginx
        image: reg.mini.dev/nginx:latest
        
# add the next two lines
      imagePullSecrets:
      - name: minimus-registry

Supported images

The images you have permissions to pull depend on the images included in your subscription. Learn more

Troubleshooting

Valid inline token returned unauthorized error

To fix the problem: Run docker logout reg.mini.dev to reset your access and try the pull command again. Explanation: Most likely, you previously authenticated with the docker login command and the token has since expired or been deleted. The token from the docker login command takes precedence over the inline token and this is causing the error.