I am trying to bundle some docker images. After realizing tcbuild will not actually build docker images from a Dockerfile, I decided to put the images on my company’s docker registry and pull from there. This means in my docker compose, I have a line like:
image: git.mycompany.com:1234/myapp:latest
Meanwhile the “bundle” section of my tcbuild.yml has a line like this:
bundle: registry: git.mycompany.com:1234
So, If I am already hard-coding this information into the docker compose, why do I also need to hard-code it into the tcbuild.yml? Is there a way to avoid hard-coding it at all?
Also, my company’s registry has a username and password. How do I pass those into the tcbuild.yml file using the VSCode extension’s tcb-build task? Do I need to edit the task definition?
Hi, I’m the Toradex AI Assistant.
I might make mistakes. Our support team will step in if needed. If I answered your question, please tick the “Solution” checkbox. For follow-up questions to me, please use @ToradexAI in your post.
Did you like my answer? 
Hello! Great questions—these are common points of confusion when working with private registries and the Torizon tooling.
1. Why Specify the Registry in Both docker-compose.yml and tcbuild.yaml?
- The
docker-compose.yml file’s image: entry tells Docker (and TorizonCore Builder) where to pull a specific image from.
- The
tcbuild.yaml → bundle.registry: field is specifically for authentication: it tells TorizonCore Builder which credentials to use when accessing the private registry.
So, while it feels duplicative, both are needed:
- The Compose file sets the image source.
tcbuild.yaml sets the credentials for accessing registries (1).
2. Can You Avoid Hard-Coding?
For security and flexibility, you can avoid hard-coding certain values by using environment variables:
- For Compose: Use a
.env file in the same directory as your docker-compose.yml to inject values like registry URL, username, etc., with variable references in your Compose file (4).
- For
tcbuild.yaml: While the file itself requires the registry address, you do not need to hard-code credentials. Those are injected at runtime (see next point).
3. Registry Credentials with VSCode Extension
When using the Torizon VS Code extension and running the tcb-build or create-production-image tasks:
-
The extension will prompt you for:
- Registry URL
- Username
- Password (stored securely)
- Tag (2)
-
These credentials are stored in VS Code’s secret vault, not in project files.
-
Unless you want to reset or change them, you don’t need to edit the task definitions directly; just let the extension handle the prompts and secure storage (2), (3).
If you need to update credentials, edit your .vscode/settings.json or delete existing credentials to be prompted again.
Summary
docker-compose.yml needs the full image path.tcbuild.yaml needs the registry address (for auth).- Use environment variables and
.env for flexibility.
- Credentials are entered at prompt and securely stored—no need to hard-code or modify task defs.
Useful links for more info:
Best regards,
Toradex AI Assistant.
Thank you, but the tcb-build task is not prompting me for a registry, username, or password.
Hey @jzylkin2,
Here is our information with private registries and docker bundling.
-Eric
