Skip to main content
This page documents all configuration options for connecting to Root’s registries, including authentication, network settings, and recommended CI/CD variable names.

Registry Configuration

Root exposes two registries: Per-ecosystem package registry URLs: Per-ecosystem configuration file locations:

Authentication Configuration

Token format: Root tokens are opaque strings used as passwords. There is no specific prefix or format requirement for registry tokens. API keys use the prefix apik_. Token scopes: A single Root token provides access to both cr.root.io and pkg.root.io. There are no separate per-registry tokens. Per-registry credential configuration:
See Authentication for per-ecosystem setup instructions.

Environment Variables

The following environment variables are recognized by the Root CLI and registry integrations: Root uses two different tokens for two different purposes: These are separate credentials. You need both if you use both the registries and the patcher CLI.

Proxy and Network Settings

Root’s registries support standard HTTP proxy configuration:
Docker respects these environment variables for registry pulls. Set them before running docker pull or in Docker’s daemon configuration:
TLS / custom certificates: If your organization uses a TLS intercepting proxy or a private CA, configure Docker to trust your CA certificate:

CI/CD Variable Reference

Recommended secret names for common CI/CD systems: GitHub Actions (store in Repository or Organization Secrets): Usage:
GitLab CI (store in Project or Group CI/CD Variables, masked): Usage:
CircleCI (store in Project Environment Variables): Jenkins (store as a Secret Text credential):
HashiCorp Vault: Store your Root token at a path like secret/root/token and retrieve it via Vault’s CI/CD integrations.