$ IMAGE_NAME=$(uuidgen)
$ docker build -t ttl.sh/${IMAGE_NAME}:1h .
$ docker push ttl.sh/${IMAGE_NAME}:1h
................................................
image ttl.sh/xxxx-yyyy-nnnn-2a2222-4b44 is available for 1 hour
ttl.sh is contributed by Replicated (www.replicated.com)
1. Tag your image with ttl.sh, a UUID, & time limit (i.e. :2h)
2. Push your image
3. Pull your image (before it expires)
No login required. Image names provide the initial secrecy for access. Add a UUID to your image name to reduce discoverability.
Image tags provide the time limit. The default is 24 hours, and the max is 24 hours (valid time tags :5m, :1600s, :4h, :1d)
Pulling images is really quick, so it just works thanks to Cloudflare. Even if you aren't near us-east-1.
Many workflows in CI will build an image, and then subsequent steps will test that image in parallel. Docker registries are a commonly used storage mechanism for these intermediate build artifacts. One build step can push an image, and other distributed steps can pull. The challenge is that most registries require authentication to push and pull. A workflow can either bake credentials in and share them to build workers, or require forked builds to bring their own registry credentials. The first is insecure, the second creates friction for new contributors.
ttl.sh solves this by making an ephemeral and anonymous registry.