Mirantis Secure Registry

DTR is now MSR

The product formerly known as Docker Trusted Registry (DTR) is now Mirantis Secure Registry (MSR).


Mirantis stopped maintaining this documentation set as of 2021-07-21, in correlation with the End of Life date for MKE 3.2.x and MSR 2.7.x. The company continues to support MCR 19.03.x and its documentation.

For the latest MKE, MSR, and MCR product documentation, refer to:

Mirantis Secure RegistryΒΆ

Mirantis Secure Registry (MSR) is the enterprise-grade image storage solution from Docker. You install it behind your firewall so that you can securely store and manage the Docker images you use in your applications.

Image and job management

MSR can be installed on-premises, or on a virtual private cloud. And with it, you can store your Docker images securely, behind your firewall.

You can use MSR as part of your continuous integration, and continuous delivery processes to build, ship, and run your applications.

MSR has a web user interface that allows authorized users in your organization to browse Docker images and review repository events. It even allows you to see what Dockerfile lines were used to produce the image and, if security scanning is enabled, to see a list of all of the software installed in your images. Additionally, you can now review and audit jobs on the web interface.


MSR is highly available through the use of multiple replicas of all containers and metadata such that if a machine fails, MSR continues to operate and can be repaired.


MSR has the ability to cache images closer to users to reduce the amount of bandwidth used when pulling Docker images.

MSR has the ability to clean up unreferenced manifests and layers.

Built-in access control

MSR uses the same authentication mechanism as Mirantis Kubernetes Engine. Users can be managed manually or synchronized from LDAP or Active Directory. MSR uses Role Based Access Control (RBAC) to allow you to implement fine-grained access control policies for your Docker images.

Security scanning

MSR has a built-in security scanner that can be used to discover what versions of software are used in your images. It scans each layer and aggregates the results to give you a complete picture of what you are shipping as a part of your stack. Most importantly, it correlates this information with a vulnerability database that is kept up to date through periodic updates. This gives you unprecedented insight into your exposure to known security threats.

Image signing

MSR ships with Notary built in so that you can use Docker Content Trust to sign and verify images. For more information about managing Notary data in MSR see the MSR-specific notary documentation.