
Google has announced a private container registry service running on the Google Cloud Platform which aims to take the pain out of securing Docker-based projects.

Docker containers, designed to improve and speed the process of moving applications from development into production, use an open source production process that unblocks some of the bottlenecks in project progress. However, security concerns have been raised, which led to a niche market for security solutions. According to Google, its Private Container Registry service addresses this.

“A private registry gives far more control over images and allows for granular sharing of the images. It should also provide greater levels of security – less chance for man-in-the-middle attacks or other means of getting to the images in a data centre,” said analyst Clive Longbottom, senior researcher at Quocirca.


Granular sharing

San Francisco-based startup Docker has gained widespread popularity in its 20-month existence by creating a system that describes an application’s infrastructure requirements, which subsequently makes it easier to install on any kind of hardware or cloud. The app is not tied to an operating system or a particular server.

The aim of Google’s Registry is to take the pain out of another part of the production process, by giving users a secure private registry without the bureaucracy involved in securing and managing it.

The service is currently in beta and free, with early adopters currently paying only for the cloud storage needed to host their images and the network resources they consume.

The service will host a company’s private images in Google Cloud Storage under their own Google cloud project. This restricts access to the images to those involved in the project, who can distribute images through the Google Cloud SDK command line.

Images are automatically encrypted before being written to disk. They are cached in Google’s data centers and can be deployed to Google Container Engine clusters or container-optimized VMs available on Google Compute Engine.

The problem with private registries is they need valid certificates, authentication and firewalls, backups, and monitoring, explained Steve Reed, principal engineer at Zulily, one of the pioneer trialists of the system. “Google’s container registry gives us a complete Docker registry that we integrate into our development and deployment workflow with little effort,” said Reed.

The limitations of public registries for container images have been addressed by a number of startups who see the security threat as a market opportunity.

New York startup Quay.io created the first hosted private registry for Docker containers, and in August 2014 a new competitor, CoreOS, acquired Quay.io and introduced the first registry that users could install in any company’s own data centers, behind its own firewalls.

“The register is important for developers and for businesses,” said Quocirca’s Longbottom. “Expect to find many more Docker private registries being set up as offerings from cloud companies.”