# GitHub Container Registry (GHCR)

1. Generate a GitHub Personal Access Token (PAT)

   A GitHub PAT is required because GitHub doesn't currently support GitHub Apps access to container-type packages.

   Please create a [Classic PAT ](https://github.com/settings/tokens)with the following permissions:

   * **read:org** — Required to list organizations the PAT has access to
   * **read:packages** — Required to list and access packages in these organizations
   * **repo** — Required to access packages linked to private repositories

   [Learn more about creating GitHub PATs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)

   <div data-gb-custom-block data-tag="hint" data-style="warning" class="hint hint-warning"><p>A classic PAT grants access to <strong>all</strong> GitHub organizations you belong to. When you connect GHCR, Arnica automatically discovers every organization the token can reach and adds a separate registry integration for each one that has container packages. If you only want to connect specific organizations, use a fine-grained PAT scoped to those organizations instead.</p></div>

   If your GitHub organization uses SAML single sign-on (SSO), you must authorize the PAT for SSO access. In GitHub, go to **Settings > Developer settings > Personal access tokens**, find your token, and click **Configure SSO** to authorize it for the relevant organization. [Learn more about authorizing a PAT for SSO](https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/authorizing-a-personal-access-token-for-use-with-saml-single-sign-on).

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>If you belong to multiple SSO organizations but only authorize the PAT for one, Arnica will only add that authorized organization. Unauthorized organizations are skipped silently — you won't see an error for them. To add more organizations later, update your PAT's SSO authorization in GitHub and reconnect.</p></div>
2. In Arnica, click Connect next to **GitHub Container Registry (GHCR)**\
   ![](https://4035514934-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMxc1Ek3qoIZi5t2Sx7do%2Fuploads%2Fgit-blob-8039c8d36c6107d88a97c85a4c0d3cf9f1265096%2Fimage.png?alt=media)
3. Enter an Alias (optional) and the PAT and click OK


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.arnica.io/arnica-documentation/getting-started/container-integrations/ghcr.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.