replicatedhq · AmberAlston · Jun 18, 2025 · Jun 17, 2025 · Jun 17, 2025 · Jun 17, 2025
@@ -1,6 +1,6 @@
 # Replicated Registry Security
 
-This document lists the security measures and processes in place to ensure that images pushed to the Replicated registry remain private. For more information about pushing images to the Replicated registry, see [Using the Replicated Registry for KOTS Installations](private-images-replicated).
+This document lists the security measures and processes in place to ensure that images pushed to the Replicated registry remain private. For more information about pushing images to the Replicated registry, see [About the Replicated Registry Option for KOTS Installations](private-images-replicated).
 
 
 ## Single Tenant Isolation

@@ -1,12 +1,14 @@
 import TeamTokenNote from "../partials/vendor-api/_team-token-note.mdx"
 
-# Use the Replicated Registry for KOTS Installations
+# About the Replicated Registry Option for KOTS Installations
 
-This topic describes how to push images to the Replicated private registry.
+This topic describes how to push images to the Replicated registry. The information in this topic applies only to installations managed with Replicated KOTS.
 
 ## Overview
 
-For applications installed with KOTS, you can host private images on the Replicated registry. Hosting your images on the Replicated registry is useful if you do not already have your images in an existing private registry. It is also useful for testing purposes.
+For applications installed with KOTS, you can optionally host private images on the Replicated registry. Hosting your images on the Replicated registry can be useful for testing purposes.
+
+For all production releases, Replicated recommends using the Replicated proxy registry for both private and public image distribution, rather than hosting images on the Replicated registry. The proxy registry provides a globally-distributed and highly-performant method to grant pull-through access to application images. For more information, see [About the Replicated Proxy Registry](/vendor/private-images-about).
 
 Images pushed to the Replicated registry are displayed on the **Images** page in the Vendor Portal:
 
@@ -26,6 +28,8 @@ The Replicated registry has the following limitations:
 
 * You might encounter a timeout error when pushing images with layers close to or exceeding 2GB in size, such as: "received unexpected HTTP status: 524." To work around this, reduce the size of the image layers and push the image again. If the 524 error persists, continue decreasing the layer sizes until the push is successful.
 
+* The ability to push images to the Replicated registry is available only for KOTS-managed installations. Pushing images to the Replicated registry is not supported for Helm installations.
+
 ## Push Images to the Replicated Registry
 
 This procedure describes how to tag and push images to the Replicated registry. For more information about building, tagging, and pushing Docker images, see the