Learn container registry vocabulary: pushing images, image tags vs. digests, registry authentication, Artifactory as internal registry, image promotion workflow — essential for professional container workflows.
0 / 5 completed
1 / 5
The DevOps engineer says: 'The CI pipeline builds the image and pushes it to the registry.' What is a container registry?
A container registry is a centralised service for storing, versioning, and distributing container images. Docker Hub is the most well-known public registry. Organisations often use private registries (AWS ECR, Google Artifact Registry, JFrog Artifactory, GitHub Container Registry) to store proprietary images securely. 'Pushing to the registry' means uploading a built image so it can be pulled and run elsewhere.
2 / 5
The developer explains: 'The image tag is the version identifier — we tag release builds with the git commit SHA.' What is an image tag?
An image tag is a mutable label (e.g., 'v1.2.3', 'latest', 'abc123ef') assigned to an image in the registry. Tags are mutable — they can be reassigned to different image layers over time. This is why using 'latest' in production is discouraged: the 'latest' tag may point to a different image tomorrow than it does today. Using git commit SHAs or semantic version tags provides more stable references.
3 / 5
The security engineer says: 'Use the image digest, not the tag, for production deployments.' What is an image digest?
An image digest is the SHA-256 hash of the image manifest — it is immutable and uniquely identifies exact image content. Referencing an image by digest (e.g., nginx@sha256:abc123...) guarantees you always get exactly that image, even if the tag is later reassigned. This is important for reproducibility and security in production deployments.
4 / 5
The platform team says: 'The registry requires authentication — use docker login before pulling internal images.' Why does the registry require authentication?
Private container registries require authentication to control access. Authentication (via 'docker login' or service account tokens in CI/CD) ensures only authorised users and systems can pull (download) or push (upload) images. This protects proprietary application code packaged in images and prevents unauthorised access to internal infrastructure components.
5 / 5
The release manager describes: 'We promote images from the dev registry to the prod registry after staging sign-off.' What is an image promotion workflow?
Image promotion is the practice of moving a validated container image through registries or repositories as it passes quality gates — typically from a dev/CI registry to staging, then to a prod registry — without rebuilding the image. This ensures the exact same artefact that was tested in staging is deployed to production. Rebuilding introduces risk of non-deterministic build outputs.