Container image storage in Azure Container Registry
Every Basic, Standard, and Premium Azure container registry benefits from advanced Azure storage features like encryption-at-rest for image data security and geo-redundancy for image data protection. The following sections describe both the features and limits of image storage in Azure Container Registry (ACR).
All container images in your registry are encrypted at rest. Azure automatically encrypts an image before storing it, and decrypts it on-the-fly when you or your applications and services pull the image. Optionally apply an additional encryption layer with a customer-managed key.
Azure uses a geo-redundant storage scheme to guard against loss of your container images. Azure Container Registry automatically replicates your container images to multiple geographically distant data centers, preventing their loss in the event of a regional storage failure.
For scenarios requiring even more high-availability assurance, consider using the geo-replication feature of Premium registries. Geo-replication helps guard against losing access to your registry in the event of a total regional failure, not just a storage failure. Geo-replication provides other benefits, too, like network-close image storage for faster pushes and pulls in distributed development or deployment scenarios.
Azure Container Registry allows you to create as many repositories, images, layers, or tags as you need, up to the registry storage limit.
Very high numbers of repositories and tags can impact the performance of your registry. Periodically delete unused repositories, tags, and images as part of your registry maintenance routine, and optionally set a retention policy for untagged manifests. Deleted registry resources such as repositories, images, and tags cannot be recovered after deletion. For more information about deleting registry resources, see Delete container images in Azure Container Registry.
For full details about pricing, see Azure Container Registry pricing.
For more information about Basic, Standard, and Premium container registries, see Azure Container Registry service tiers.