Who can access container images pushed to registry.heroku.com?


When pushing container images to the Heroku registry, how are these secured?


Docker images hosted in our container registry can only be accessed by collaborators on the app that you're pushing images for. There are no other sharing mechanisms available. Under certain circumstances, Heroku staff can access these subject to our policies and internal controls, for example when a customer requests assistance with diagnosing an issue involving the container runtime.

Instead of storing sensitive data in the image itself, we recommend that you use configuration variables as these provide an easier option for rotating credentials etc. without having to rebuild and redeploy the image. The ENV command in the container image is intended for configuring the runtime, not providing access to resources, when running on Heroku.

Ask on Stack Overflow

Engage with a community of passionate experts to get the answers you need

Ask on Stack Overflow

Heroku Support

Create a support ticket and our support experts will get back to you

Contact Heroku Support