Create an OCI Registry Built-in Account

A CyberArk OCI Registry built-in account retrieves artifacts, including enterprise Kubernetes components, from the CyberArk OCI registry.
When using this built-in account to pull artifacts from the OCI registry, the built-in account creation wizard provides commands for creating a secret for Kubernetes or Red Hat OpenShift, along with a Docker Config file.

To Create an OCI Registry Built-in Account

  1. Sign in to Next-Gen Trust Security.
  2. Click System Settings > Built-in Accounts.
  3. Click New.
  4. Choose the desired use case from the Use case list, and click Continue. The use cases available for you to choose depend on which Next-Gen Trust Security components you have licenses for.
  5. Enter a Name for your new built-in account.
  6. (Conditional) Enter the number of days for which you want the account to remain valid in the Validity (days) field. You can select any number from 1 to 365 days. This step doesn't apply when creating a Custom API Integration built-in account.
  7. Select the desired Scope, and click Create.
  8. In the Credentials section, copy and safely store the CyberArk OCI registry address as well as the credential Username and Password.
    Important: Store these authentication credentials securely as they cannot be recovered if lost. This is your only opportunity to copy these authentication credentials.
  9. Select the relevant installation option for your system:
    Kubernetes
    Note: You must have kubectl installed on your system to complete the following steps.
    1. From the first text area, copy and run the kubectl create namespace venafi command to create the default namespace.
    2. Next, also from the first text area, copy and run the remaining code for the kubectl apply command to create a secret in Kubernetes.
    3. Copy and use the command in the second text area in this section to update the default Kubernetes service account to use the image pull secret, and enable all workloads in the namespace to use it.
    Red Hat OpenShift
    Note: You must have the OpenShift CLI tool oc installed on your system to complete the following steps.
    1. From the first text area, copy and run the oc create namespace venafi command to create the default namespace.
    2. Next, also from the first text area, copy and run the remaining code for the oc apply command to create a secret in OpenShift.
    3. Copy and use the command in the second text area in this section to update the default OpenShift service account to use the image pull secret, and enable all workloads in the namespace to use it.
    Docker Config Format
    • Copy the generated content and save it as oci_registry_docker_config.json.
  10. Click Finish to return to the Built-in Accounts page.
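
The following is an added example, not CyberArk's wizard output or code: a Python check for a saved oci_registry_docker_config.json before it is turned into an image pull secret for the venafi namespace. It assumes the file uses the standard Docker config layout; the registry address, credentials and secret name are constructed placeholders.

```python
import base64, json, os, stat

def build_docker_config(registry, username, password):
    """Standard Docker config layout with a single registry entry."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"auths": {registry: {"username": username, "password": password, "auth": auth}}}

def write_private(path, config):
    """Write the credentials file readable and writable by the owner only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a file that already existed
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh)

def check_docker_config(path, registry):
    """Return a list of problems found in a saved Docker config file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"file mode {mode:o} lets group/others read the password")
    with open(path) as fh:
        entry = json.load(fh).get("auths", {}).get(registry)
    if entry is None:
        return problems + [f"no entry for {registry}"]
    try:
        user, _, pw = base64.b64decode(entry.get("auth", "")).decode().partition(":")
    except ValueError:
        return problems + ["auth field is not valid base64 text"]
    if "auth" in entry and (user, pw) != (entry.get("username", user), entry.get("password", pw)):
        problems.append("auth field does not match username/password")
    return problems

def pull_secret_manifest(path, name, namespace="venafi"):
    """Wrap the file in a kubernetes.io/dockerconfigjson Secret manifest."""
    with open(path, "rb") as fh:
        encoded = base64.b64encode(fh.read()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/dockerconfigjson",
            "metadata": {"name": name, "namespace": namespace},
            "data": {".dockerconfigjson": encoded}}

if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "oci_registry_docker_config.json")
    # Constructed placeholder values, not real credentials or a real registry.
    write_private(path, build_docker_config("registry.example.invalid", "example-user", "example-pass"))
    print(check_docker_config(path, "registry.example.invalid") or "no problems found")
    print(json.dumps(pull_secret_manifest(path, "example-pull-secret"), indent=2))
```

The manifest is emitted as JSON, which kubectl apply -f and oc apply -f accept; because it contains the password in base64 form, it needs the same handling as the credentials themselves.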