- Prerequisites / Requirements
- Generate GitLab Access Token (instead of using a password)
- Encode Username and Token
- Request bearer token
- Request Tags List
- Iterate over all tags in tags list
We tried to mirror the Docker images (all tags) of the private GitLab Docker Registry from a project we sourced to an external company.
This has been a real struggle, because I haven't done this before and I had no idea how to get this thing going.
Instead of placeholders, we assume that our GitLab is available at
git.itjustworks.cc and our GitLab Docker Container Registry is availabe at
Anyway, this is how you do it in bash:
Use a token instead of a password
Log into Gitlab, then head over to your settings page and click on Access Tokens
Create an access token with read_registry scope. This grants read-only access to container registry images on private projects.
Encode username and token
To get the bearer token, we have to authenticate and this is done with our username (
gorilla.moe) and our access_token (
It would be way too easy, if we could just pass them as they are;
we have to
base64-encode them like so:
basic_auth_encoded=$(echo "gorilla.moe:for_the-LulZ" | base64 -)
echoing should give us
echo $basic_auth_encoded # should be Z29yaWxsYS5tb2U6Zm9yX3RoZS1MdWxaCg==
Request bearer token
You need to also pass it the path of the docker image.
In dockerhub-land there is only
https://hub.docker.com/superevilmegaco/seefu/ would be
but in GitLab there is no such limitation. It could be anything.
For simplicitys sake, let's assume the docker image URL is
then the path is
Now that we have our credentials encoded, we request a bearer token:
docker_image_path="foo/bar/baz/gorillamoe" bearer_token=$(curl -s -X GET -H "Authorization: Basic $basic_auth_encoded" "https://git.itjustworks.cc/jwt/auth?client_id=docker&offline_token=true&service=container_registry&scope=repository:$docker_image_path:push,pull" | jq -r .token)
Request tags list
Now, that we have the bearer token, we can request the tags:
tags=$(curl -s -X GET -H "Authorization: Bearer $bearer_token" "https://registry.itjustworks.cc/v2/$docker_image_path/tags/list" | jq -rc .tags)
Iterate over each tag in list
And iterate over all them tags is easy as pie:
echo "Tags for $docker_image_path" for tag in $tags; do echo "$tag" done