# Defining ImagePullSecrets for Coder workspaces
Eric Paulsen
January 12, 2024 --- Coder workspaces are commonly run as Kubernetes pods. When run inside of an enterprise, the pod image is typically pulled from a private image registry. This guide walks through creating an ImagePullSecret to use for authenticating to your registry, and defining it in your workspace template. ## 1. Create Docker Config JSON File Create a Docker configuration JSON file containing your registry credentials. Replace ``, ``, and `` with your actual Docker registry URL, username, and password. ```json { "auths": { "": { "username": "", "password": "" } } } ``` ## 2. Create Kubernetes Secret Run the below `kubectl` command in the K8s cluster where you intend to run your Coder workspaces: ```console kubectl create secret generic regcred \ --from-file=.dockerconfigjson= \ --type=kubernetes.io/dockerconfigjson \ --namespace= ``` Inspect the secret to confirm its contents: ```console kubectl get secret -n regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode ``` The output should look similar to this: ```json { "auths": { "your.private.registry.com": { "username": "ericpaulsen", "password": "xxxx", "auth": "c3R...zE2" } } } ``` ## 3. Define ImagePullSecret in Terraform template With the ImagePullSecret now created, we can add the secret into the workspace template. In the example below, we define the secret via the `image_pull_secrets` argument. Note that this argument is nested at the same level as the `container` argument: ```hcl resource "kubernetes_pod" "dev" { metadata { # this must be the same namespace where workspaces will be deployed namespace = "workspaces-namespace" } spec { image_pull_secrets { name = "regcred" } container { name = "dev" image = "your-image:latest" } } } ``` ## 4. Push New Template Version Update your template by running the following commands: ```console coder login coder templates push ```