Skip to content

APIs & References

How to pull helm-chart images for onboarding air-gapped IEM¶

IECTL provides token fetch commands for registry, that allows you to retrieve authentication tokens. These tokens can be used to pull helm chart images that are needed to onboard an air-gapped IEM.

Prerequisites¶

Create Technical user on IEHUB. See the Create CLI User for detailed setup instructions.
Before fetching tokens, you must configure IECTL with the appropriate connection details for each service. See the Managing IEHUB Configurations for detailed setup instructions.

Note
Make sure your technical user have privilege to Create / Manage IEM instances, this allows this user to pull images as well.

Adding Configurations¶

# Add IEHUB configuration  
iectl config add iehub --name my-iehub --url https://iehub.example.com --user myuser@company.com --password-stdin

Fetch Registry Token Commands¶

iectl iehub token get-registry-token

This command fetches an authentication token for the configured IEHUB instance to pull IEM helm-chart images.

Pull Images using Auth Token¶

For automation scripts and CI/CD pipelines, you can fetch tokens once at the beginning of your workflow and reuse them throughout:

On Linux

# Set variables
export AUTH_USER='<technical user email>'
export REG_URL='<registry url>'

# Get token (ensure iectl is in your PATH)
export AUTH_TOKEN="$AUTH_USER:"$(iectl iehub token  get-registry-token)
export AUTH_TOKEN_ENCODED=$(echo -n $AUTH_TOKEN | base64 -w0)
echo "{\"auths\":{\"$REG_URL\":{\"auth\":\"$AUTH_TOKEN_ENCODED\"}}}" > ~/.docker/config.json

# Pull the image with Docker
docker pull '<helm-chart image>'

# Pull the same image using Google’s crane tool 
crane pull '<helm-chart image>' ./myimage.tar  # Downloads the image and saves it as myimage.tar

On Windows(Powershell)

# Set variables
$AUTH_USER = "<technical user email>"
$REG_URL = "<registry url>"

# Get token (ensure iectl is in your PATH)
$REGISTRY_TOKEN = iectl iehub token get-registry-token

# Construct the auth string and encode (format: username:token, base64 encoded)
$AUTH_TOKEN = "$AUTH_USER`:$REGISTRY_TOKEN"
$AUTH_TOKEN_ENCODED = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($AUTH_TOKEN))
$CONFIG = "{`"auths`":{`"$REG_URL`":{`"auth`":`"$AUTH_TOKEN_ENCODED`"}}}"
$CONFIG | Set-Content -Path "$HOME\.docker\config.json"

# Pull the image with Docker
docker pull '<helm-chart image>'

# Pull the same image using Google’s crane tool 
crane pull '<helm-chart image>' ./myimage.tar  # Downloads the image and saves it as myimage.tar

Managing Configurations - How to add and manage IECTL configurations
IEHUB Registry Token Command - Generate authentication token to pull iem helm images from iehub registry (for air gapped iems)