Truss uses containerized environments to ensure consistent model execution across deployments. When deploying a custom base image or a custom server from a private registry, you’ll need to grant Baseten access to download that image.

AWS Elastic Container Registry (ECR)

Three authentication methods are supported for ECR: OIDC, long-lived IAM access keys, and short-lived access tokens. OIDC provides short-lived, narrowly scoped tokens without storing any long-lived credential in Baseten, so prefer it where your AWS account allows it.
  1. Configure AWS to trust the Baseten OIDC provider and create an IAM role with ECR permissions.
  2. Add the OIDC configuration to your config.yaml:
config.yaml
base_image:
  image: <aws-account-id>.dkr.ecr.<region>.amazonaws.com/path/to/image
  docker_auth:
    auth_method: AWS_OIDC
    aws_oidc_role_arn: arn:aws:iam::<aws-account-id>:role/baseten-ecr-access
    aws_oidc_region: <region>
    registry: <aws-account-id>.dkr.ecr.<region>.amazonaws.com
No secrets needed! The aws_oidc_role_arn and aws_oidc_region are not sensitive and can be committed to your repository.
See the OIDC authentication guide for detailed setup instructions and best practices.

AWS IAM Service Accounts

To use long-lived IAM access keys instead of OIDC, use the AWS_IAM authentication method in Truss.
  1. Create a dedicated IAM user that can only pull from the registry (for example, attach the AmazonEC2ContainerRegistryReadOnly managed policy, or a policy limited to ecr:GetAuthorizationToken, ecr:BatchCheckLayerAvailability, ecr:GetDownloadUrlForLayer and ecr:BatchGetImage on the repositories you need) and generate an AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for it in the AWS console. Do not reuse a person's or administrator's keys.
  2. Add these as secrets in Baseten. Name them aws_access_key_id and aws_secret_access_key.
  3. Choose the AWS_IAM authentication method when setting up your Truss. The config.yaml file should look like this:
config.yaml
...
base_image:
  image: <aws-account-id>.dkr.ecr.<region>.amazonaws.com/path/to/image
  docker_auth:
    auth_method: AWS_IAM
    registry: <aws-account-id>.dkr.ecr.<region>.amazonaws.com
secrets:
  aws_access_key_id: null
  aws_secret_access_key: null
...
Specify the registry and image separately. To use different secret names, configure the aws_access_key_id_secret_name and aws_secret_access_key_secret_name options under docker_auth:
...
base_image:
  ...
  docker_auth:
    auth_method: AWS_IAM
    registry: <aws-account-id>.dkr.ecr.<region>.amazonaws.com
    aws_access_key_id_secret_name: custom_aws_access_key_secret
    aws_secret_access_key_secret_name: custom_aws_secret_key_secret
secrets:
  custom_aws_access_key_secret: null
  custom_aws_secret_key_secret: null

Access Token

  1. Get the Base64-encoded secret. ECR authorization tokens are valid for 12 hours, so a secret created this way must be regenerated and updated in Baseten before it expires; use the OIDC or IAM methods above for anything long-lived. Strip newlines so that base64 does not wrap the long token across several lines, which would corrupt the stored value:
PASSWORD=$(aws ecr get-login-password --region <region>)
echo -n "AWS:$PASSWORD" | base64 | tr -d '\n'
  2. Add a new secret to Baseten named DOCKER_REGISTRY_<aws-account-id>.dkr.ecr.<region>.amazonaws.com with the Base64-encoded secret as the value.
  3. Add the secret name to the secrets section of config.yaml to allow this model to access the secret when pushed.
config.yaml
secrets:
  DOCKER_REGISTRY_<aws-account-id>.dkr.ecr.<region>.amazonaws.com: null

Google Cloud Artifact Registry

Three authentication methods are supported for Artifact Registry: OIDC, service account keys, and short-lived access tokens. The same methods also work with the legacy Google Container Registry (gcr.io, <region>.gcr.io).
OIDC provides short-lived, narrowly scoped tokens without storing any long-lived credential in Baseten, so prefer it where your GCP project allows it.
  1. Configure GCP Workload Identity to trust the Baseten OIDC provider and grant Artifact Registry permissions.
  2. Add the OIDC configuration to your config.yaml:
config.yaml
base_image:
  image: gcr.io/my-project/my-image:latest
  docker_auth:
    auth_method: GCP_OIDC
    gcp_oidc_service_account: baseten-oidc@my-project.iam.gserviceaccount.com
    gcp_oidc_workload_id_provider: projects/<project-number>/locations/global/workloadIdentityPools/baseten-pool/providers/baseten-provider
    registry: gcr.io
No secrets needed! The service account and workload identity provider are not sensitive and can be committed to your repository.
See the OIDC authentication guide for detailed setup instructions and best practices.

Service Account

  1. Create a service account that holds only the Artifact Registry Reader role (roles/artifactregistry.reader) on the repositories you need, and download its key as a JSON key blob. The key is a long-lived credential, so rotate it and revoke it when the deployment no longer needs it.
  2. Add a new secret to Baseten named gcp-service-account (or similar) with the JSON key blob as the value.
  3. Add the secret name to the secrets section of config.yaml to allow this model to access the secret when pushed.
config.yaml
secrets:
  gcp-service-account: null
  4. Configure the docker_auth section of your base_image to use service account authentication:
base_image:
  ...
  docker_auth:
    auth_method: GCP_SERVICE_ACCOUNT_JSON
    secret_name: gcp-service-account
    registry: <region>-docker.pkg.dev
secret_name must match the secret you created in step 2.

Access Token

  1. Get a short-lived OAuth 2.0 access token for an identity that can read the repository (for example with gcloud auth print-access-token) and Base64-encode it as oauth2accesstoken:<token>, in the same way as the ECR access-token step above. These tokens expire after about an hour, so this method suits testing rather than production; use OIDC or a service account for anything durable.
  2. Add a new secret to Baseten named DOCKER_REGISTRY_<region>-docker.pkg.dev with the Base64-encoded secret as the value.
  3. Add the secret name to the secrets section of config.yaml to allow this model to access the secret when pushed.
config.yaml
secrets:
  DOCKER_REGISTRY_<region>-docker.pkg.dev: null

Docker Hub

  1. Get the Base64-encoded secret. Use a read-only Docker Hub access token as the password rather than your account password, so the credential stored in Baseten can only pull images and can be revoked on its own:
echo -n 'username:password' | base64
  2. Add a new secret to Baseten named DOCKER_REGISTRY_https://index.docker.io/v1/ with the Base64-encoded secret as the value.
Name: DOCKER_REGISTRY_https://index.docker.io/v1/
Token: <Base64-encoded secret>
  3. Add the secret name to the secrets section of config.yaml:
config.yaml
secrets:
  DOCKER_REGISTRY_https://index.docker.io/v1/: null

GitHub Container Registry (GHCR)

  1. Create a GitHub Personal Access Token with the read:packages scope and nothing else; pulling does not need repo or write:packages. Use a classic token, not fine-grained.
  2. Get the Base64-encoded secret:
echo -n 'github_username:ghp_your_personal_access_token' | base64
  3. Add a new secret to Baseten named DOCKER_REGISTRY_ghcr.io with the Base64-encoded secret as the value.
Name: DOCKER_REGISTRY_ghcr.io
Token: <Base64-encoded secret>
  4. Add the secret name to the secrets section of config.yaml:
config.yaml
base_image:
  image: ghcr.io/your-org/your-image:tag
secrets:
  DOCKER_REGISTRY_ghcr.io: null

NVIDIA NGC

  1. Generate an NGC API Key from your NVIDIA NGC account.
  2. Get the Base64-encoded secret:
echo -n '$oauthtoken:your_ngc_api_key' | base64
The username $oauthtoken is a literal string, not a variable. Use it exactly as shown.
  3. Add a new secret to Baseten named DOCKER_REGISTRY_nvcr.io with the Base64-encoded secret as the value.
Name: DOCKER_REGISTRY_nvcr.io
Token: <Base64-encoded secret>
  4. Add the secret name to the secrets section of config.yaml:
config.yaml
base_image:
  image: nvcr.io/nvidia/pytorch:24.01-py3
secrets:
  DOCKER_REGISTRY_nvcr.io: null
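Every method on this page has the same two failure modes: a docker_auth block that names a method without the keys or secrets it will look up, and a DOCKER_REGISTRY_* value that is not the unwrapped Base64 of user:password. The following Python script is an added example (not part of Truss or of the Baseten docs) that checks a loaded config.yaml against the conventions above before you push: that auth_method is one of the documented methods with its required keys, that docker_auth.registry matches the host in base_image.image, that every secret the method will read is declared under secrets:, and that the image is pinned to a tag or digest rather than left untagged or on :latest. It also builds and validates the user:password value used by the DOCKER_REGISTRY_<registry> secrets, rejecting values that base64 wrapped across lines. The method and key names are those documented on this page; the assumption that a config without docker_auth falls back to the DOCKER_REGISTRY_<registry> secret, the Docker Hub registry string, and the sample configs in the tests are constructed from this page's examples; loading the YAML (for example with yaml.safe_load) is assumed to happen before check_config is called.

```python
"""Pre-push checks for the docker_auth / secrets sections of a Truss config.yaml.

Added example, not Truss's own code. Assumes the auth_method names and keys
documented on this page and that the config has already been loaded into a
dict (for example with yaml.safe_load).
"""
from __future__ import annotations

import base64
import binascii
import re

# Required docker_auth keys per method, taken from the examples on this page.
REQUIRED_KEYS = {
    "AWS_OIDC": {"aws_oidc_role_arn", "aws_oidc_region", "registry"},
    "AWS_IAM": {"registry"},
    "GCP_OIDC": {"gcp_oidc_service_account", "gcp_oidc_workload_id_provider", "registry"},
    "GCP_SERVICE_ACCOUNT_JSON": {"secret_name", "registry"},
}
# Registry string used in the Docker Hub secret name on this page.
DOCKER_HUB = "https://index.docker.io/v1/"


def registry_of(image: str) -> str:
    """Registry host of an image reference; Docker Hub when no host is given."""
    first, _, rest = image.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        return first
    return DOCKER_HUB


def secrets_needed(docker_auth: dict, registry: str) -> set[str]:
    """Secret names the chosen method will look up at pull time."""
    method = docker_auth.get("auth_method")
    if method == "AWS_IAM":
        return {
            docker_auth.get("aws_access_key_id_secret_name", "aws_access_key_id"),
            docker_auth.get("aws_secret_access_key_secret_name", "aws_secret_access_key"),
        }
    if method == "GCP_SERVICE_ACCOUNT_JSON":
        return {docker_auth.get("secret_name", "")}
    if method in ("AWS_OIDC", "GCP_OIDC"):
        return set()  # short-lived tokens, nothing stored in Baseten
    # Assumption: without docker_auth, the DOCKER_REGISTRY_<registry> secret is used.
    return {f"DOCKER_REGISTRY_{registry}"}


def check_config(config: dict) -> list[str]:
    """Return a list of problems; an empty list means the config is consistent."""
    problems: list[str] = []
    base_image = config.get("base_image") or {}
    image = base_image.get("image")
    if not image:
        return ["base_image.image is missing"]
    registry = registry_of(image)
    docker_auth = base_image.get("docker_auth") or {}
    method = docker_auth.get("auth_method")
    if docker_auth:
        if method not in REQUIRED_KEYS:
            problems.append(f"unknown auth_method {method!r}")
        else:
            missing = sorted(REQUIRED_KEYS[method] - docker_auth.keys())
            if missing:
                problems.append(f"{method}: missing docker_auth keys {missing}")
        declared_registry = docker_auth.get("registry")
        if declared_registry and declared_registry != registry:
            problems.append(f"docker_auth.registry {declared_registry!r} != image host {registry!r}")
    declared = set((config.get("secrets") or {}).keys())
    for name in sorted(secrets_needed(docker_auth, registry)):
        if name not in declared:
            problems.append(f"secret {name!r} is not declared under secrets:")
    # Supply-chain hygiene: a private base image should be pinned; :latest is mutable.
    last = image.rsplit("/", 1)[-1]
    if "@" not in last:
        if ":" not in last:
            problems.append("image has no tag or digest; pin one")
        elif last.endswith(":latest"):
            problems.append("image uses the mutable :latest tag; pin a specific tag or digest")
    return problems


def registry_secret(username: str, password: str) -> str:
    """Unwrapped Base64 of user:password, the value stored in a DOCKER_REGISTRY_* secret."""
    return base64.b64encode(f"{username}:{password}".encode()).decode()


def check_registry_secret(value: str) -> str | None:
    """Explain why a DOCKER_REGISTRY_* value is malformed, or None if it is usable."""
    if re.search(r"\s", value):
        # GNU base64 wraps at 76 columns; a pasted wrapped value breaks the login.
        return "value contains whitespace/newlines; re-encode with base64 -w 0 or tr -d '\\n'"
    try:
        raw = base64.b64decode(value, validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return "value is not valid Base64"
    user, sep, password = raw.partition(":")
    if not sep or not user or not password:
        return "decoded value is not of the form user:password"
    return None
```

Run check_config on the dict you get from yaml.safe_load(open("config.yaml")) and refuse to push while it returns anything; run check_registry_secret on a DOCKER_REGISTRY_* value before pasting it into Baseten. For NGC the username passed to registry_secret is the literal string "$oauthtoken", exactly as in the shell example above.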