Home Explore Blog Models CI



docker
1st chunk of `content/manuals/security/for-admins/hardened-desktop/registry-access-management.md`
f239489487d96a6605c4fc54b339dcf00e9a25ef884369e800000001000008bb
---
description: Control access to approved registries with Registry Access Management, ensuring secure Docker Desktop usage
keywords: registry, access, management, permissions, Docker Business feature, security, admin
title: Registry Access Management
tags: [admin]
aliases:
 - /desktop/hardened-desktop/registry-access-management/
 - /admin/organization/registry-access/
 - /docker-hub/registry-access-management/
 - /security/for-admins/registry-access-management/
weight: 30
---

{{< summary-bar feature_name="Registry access management" >}}

With Registry Access Management (RAM), administrators can ensure that their
developers using Docker Desktop only access allowed registries. This is done
through the Registry Access Management dashboard in Docker Hub or the
Docker Admin Console.

Registry Access Management supports both cloud and on-prem registries. This
feature operates at the DNS level and therefore is compatible with all
registries. You can add any hostname or domain name you’d like to include in the
list of allowed registries. However, if the registry redirects to other domains
such as `s3.amazon.com`, then you must add those domains to the list.

Example registries administrators can allow include:

 - Docker Hub. This is enabled by default.
 - Amazon ECR
 - GitHub Container Registry
 - Google Container Registry
 - GitLab Container Registry
 - Nexus
 - Artifactory

## Prerequisites

You must [enforce sign-in](../enforce-sign-in/_index.md). For Registry Access
Management to take effect, Docker Desktop users must authenticate to your
organization. Enforcing sign-in ensures that your Docker Desktop developers
always authenticate to your organization, even though they can authenticate
without it and the feature will take effect. Enforcing sign-in guarantees the
feature always takes effect.

## Configure Registry Access Management permissions

{{< tabs >}}
{{< tab name="Admin Console" >}}

{{% admin-registry-access product="admin" %}}

{{< /tab >}}
{{< tab name="Docker Hub" >}}

{{% include "hub-org-management.md" %}}

{{% admin-registry-access product="hub" %}}

{{< /tab >}}
{{< /tabs >}}

## Verify the restrictions

The new Registry Access Management policy takes effect after the developer
Title: Registry Access Management
Summary
Registry Access Management (RAM) allows administrators to control which registries Docker Desktop users can access, enhancing security. It supports cloud and on-prem registries by operating at the DNS level. Administrators can configure allowed registries through the Registry Access Management dashboard in Docker Hub or the Docker Admin Console. Enforcing sign-in is a prerequisite to ensure the policy takes effect.