Anonymous & ephemeral Docker image registry


                  
$ IMAGE_NAME=$(uuidgen)
$ docker build -t ttl.sh/${IMAGE_NAME}:1h .
$ docker push ttl.sh/${IMAGE_NAME}:1h
................................................
image ttl.sh/xxxx-yyyy-nnnn-2a2222-4b44 is available for 1 hour
ttl.sh is contributed by Replicated (www.replicated.com)

Free to use. No need to sign-up. Open source.

How to use ttl.sh

Anonymous

No login required. Image names provide the initial secrecy for access. Add a UUID to your image name to reduce discoverability.

Ephemeral

Image tags provide the time limit, the default is 1 hour, the max is 24 hours (valid time tags :5m, :1600s, :4h, :1d)

Fast

Pulling images is really quick, so it just works thanks to Cloudflare. Even if you aren't near us-east-1.

How we're using it

Workflows in CI

Many workflows in CI will build an image, and then subsequent steps will test that image in parallel. Docker registries are a commonly used storage mechanism for these intermediate build artifacts. One build step can push an image, and other distributed steps can pull. The challenge is that most registries require authentication to push and pull. A workflow can either bake credentials in and share them to build workers, or require forked builds to bring their own registry credentials. The first is insecure, the second creates friction for new contributors.


ttl.sh solves this by making an ephemeral and anonymous registry.