Skip to content

Docs CSC now features an automatic Finnish translation. Click here for more information.

Warning!

Puhti and Mahti are being decommissioned in stages, and their storage areas will become fully unavailable from 15 October 2026. Clean up unnecessary files and move any data you need to keep by 31 August 2026. See the Roihu data migration guide for instructions on transferring your data to Roihu.

Puhti scratch is very full: keep only active data there and move or delete everything else. No new Puhti scratch quota will be granted.

Best Practices

Following these best practices will help you manage container images in Satama efficiently and securely.

Organize Repositories Clearly

If you are a project admin, create repositories in a way that makes sense to your team. For example, repositories can be grouped by:

  • Application
  • Microservice
  • Environment (development, staging, production)

A clear structure helps others quickly locate and reuse images.

Assign Appropriate User Permissions

Project administrators should assign permissions carefully.

Only users who need to push images should receive Developer access. Users who only need to pull images should remain Guests. Limiting push permissions helps prevent accidental overwrites or unauthorized image modifications.

Use Robot Accounts for Automation

Try to use project-scoped robot accounts rather than using personal login. Robot accounts provide several advantages:

  • Controlled access permissions
  • Easier credential rotation
  • Reduced risk of exposing personal accounts

This approach improves security and simplifies automation workflows.

Use CLI Secrets for Authentication

If you authenticate using a myCSC account, always use the CLI secret instead of the Web UI password when logging in through Docker or other command-line tools.

Using CLI secrets ensures secure authentication and prevents issues caused by expired UI sessions.

Avoid Using the latest Tag

Avoid relying on the latest tag for production images. The latest tag can be overwritten and may not always refer to the expected version of an image.

Instead, use meaningful and consistent tags such as:

  • Version numbers (v1.2.0)
  • Release identifiers (release-2024-01)
  • Commit hashes (git-sha)

Using explicit version tags improves traceability and ensures reproducible deployments.

Regularly Review Vulnerability Reports

Periodically review vulnerability scan reports for images stored in Satama.

If vulnerabilities are detected: * Update the base image * Update affected packages * Rebuild the container image

High-severity vulnerabilities should be addressed before deploying images to production environments.

Remove Unused Images

Over time, repositories may accumulate outdated images and unused tags. Removing these unused artifacts helps keep the registry organized.

Cleaning up old images provides several benefits: * Reduces storage usage * Prevents confusion between image versions * Improves overall repository management

Administrators can also configure tag retention policies to automatically remove outdated tags while preserving the most recent or important versions.