Skip to content

Commit 627d04d

Browse files
authored
Merge pull request #25310 from dvdksn/worktree-sbx-registry-creds
Clarify sandbox Docker registry credentials use case
2 parents 7123298 + e87efcd commit 627d04d

1 file changed

Lines changed: 9 additions & 5 deletions

File tree

content/manuals/ai/sandboxes/workflows.md

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -241,9 +241,10 @@ The token is never stored in plaintext inside the sandbox. See
241241

242242
### Docker registry
243243

244-
To let the agent push images it builds to a private registry, store registry
245-
credentials on your host. The agent can then run `docker build` and
246-
`docker push` without any extra authentication:
244+
To push or pull private images, including [templates](customize/templates.md),
245+
configure registry credentials for `sbx` to use. The agent can then run `docker
246+
build` and `docker push`, and `sbx` can resolve private image references,
247+
without any extra authentication:
247248

248249
```console
249250
$ gh auth token | sbx secret set --registry ghcr.io \
@@ -254,8 +255,11 @@ $ echo "$ACR_PASSWORD" | sbx secret set --registry myregistry.azurecr.io \
254255

255256
Images and containers built inside the sandbox run on the sandbox's private
256257
Docker daemon, not your host's. They're deleted when the sandbox is removed.
257-
See [Registry credentials](security/credentials.md#registry-credentials) for
258-
the full reference.
258+
259+
Docker Hub needs no registry credentials; `sbx` reuses your `sbx login`
260+
session. For information on how registry credentials differ from other secrets,
261+
per-registry username requirements, and global versus per-sandbox scoping, see
262+
[Registry credentials](security/credentials.md#registry-credentials).
259263

260264
### Sourcing credentials from 1Password
261265

0 commit comments

Comments
 (0)