This talks about configuring the registry.
My current configuration - the default - at /etc/docker/registry/config.yml is:
version: 0.1 log: fields: service: registry storage: cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000 headers: X-Content-Type-Options: [nosniff] health: storagedriver: enabled: true interval: 10s threshold: 3
So I have made a registry image which makes it use basic access authentication with the password defined by new-registry-password secret. The current password is registry-password secret.
Now random people can;t read and write the registry - probably for the best!