Dockyard
Stripe-gated private Docker registry
Sell Dockerised apps by subscription — a Stripe-gated Docker registry with no source handoff, just pull credentials.
- Docker container
- Kubernetes Helm chart
- 5 database engines
- 1 queue backend
- 2 object-store backends
- 4 auth methods
- 1 notification driver
- 1 cache engine
- 4 languages (EN, FR, ES, PT)
- REST API + OpenAPI 3.0.3
Dockyard sits between your customers and a CNCF Distribution registry, enforcing Stripe-based entitlements. Vendors push once; customers pull via scoped tokens. The registry is network-isolated — only Dockyard proxies auth. Stripe webhooks keep subscriptions in sync. Multi-tenant with RBAC, audit logs, and multiple plans per image. Perfect for SaaS vendors distributing containerized apps, consultants packaging solutions, and internal chargeback-based registries.
Key features
CNCF Distribution v3 registry with Stripe Connect billing integration
JWT RS256 token auth with JWKS-based registry validation
Network-isolated registry — all access proxied through Dockyard
Scoped pull credentials (regkeys) per customer and ecosystem with expiry
AES-256-GCM encrypted credentials at rest with HMAC blind-index lookups
Webhook auto-deployment on image push
Stripe Checkout and Customer Portal for self-service billing
RBAC: platform admin, vendor, customer roles
Multi-database: Postgres, MySQL, SQLite, SQL Server
Svelte 5 / Tailwind 4 admin and customer dashboards
Where it goes beyond the obvious
Two-layer JWT validation (Dockyard + Registry) for defence-in-depth
AES-256-GCM encrypted credentials with HMAC blind indexes for constant-time lookups
First-class Stripe billing integration — no custom payment UI
Smart proxy fronting a network-isolated registry
Tech highlights
- Registry: CNCF Distribution v3 (registry:3)
- Auth: JWT RS256, HMAC blind indexes, AES-256-GCM encryption
- Billing: Stripe Connect with webhook sync
- Databases: Postgres, MySQL, SQLite, SQL Server
- Blob: S3-compatible (MinIO, S3, Azure, DO Spaces)
Built on
REST API surface
- POST /auth/register Self-register
- POST /auth/login Session cookie + CSRF
- GET /auth/registry-token Docker token auth (JWT RS256)
- CRUD /products Products with Stripe pricing
- POST /checkout/session Stripe Checkout URL
- GET /my/access Customer pull credentials
- POST /my/credentials/regenerate Rotate pull keys
- GET /v2/* OCI Distribution v3 proxy
Full spec at GET /openapi — Swagger UI at /swagger/
Backends you can actually pick from.
This service speaks the backends below natively. Swap with a single environment variable.
Databases
- PostgreSQL
- MySQL
- SQLite
- SQL Server
- MongoDB
Queues
- Redis
Cache
- Redis
Object storage
- S3/MinIO (registry layer)
- Local
Notifications
- SMTP
Auth
- Local bcrypt
- LDAP/AD
- OIDC
- JWT HS256/RS256
Use cases
SaaS vendors selling Dockerised applications to enterprise customers
Consultants distributing packaged solutions as Docker images
Internal corporate registries with chargeback models
Platform teams managing access to curated container libraries
CI/CD providers offering containerized build agents by subscription
Dockyard vs Replicated, Docker Hub (paid plans), AWS Marketplace
Sell Docker images like SaaS, without handing over source
Architecture patterns featuring this service
More in registry
Deploy Dockyard. Today.
One Docker image. One compose stack. One afternoon to production. Dockyard is waiting.