Core Concepts
Understanding a handful of key terms will help you navigate Bahriya confidently.
Understanding a handful of key terms will help you navigate Bahriya confidently.
Organisation
An organisation is your top-level account. Everything you create — projects, registries, secrets, containers — belongs to an organisation. Billing is also tracked at the organisation level.
Project
A project groups related resources together. All the containers, secrets, and registries within a project share an isolated environment in each region they run in.
Container
A container is a running instance of a container image (any OCI-compliant image). In Bahriya, a container is the primary unit of deployment. You configure what image to run, what port it listens on, how much CPU and memory it needs, which regions it should run in, and what secrets or environment variables it should have access to.
Registry
A registry is a container image registry — for example, Docker Hub, GitHub Container Registry, or your own private registry. Any OCI-compliant registry is supported. If your image is in a private registry, you save its credentials in Bahriya at the organisation level, attach the registry to your project, then name it on the container so the platform can authenticate when pulling the image. Public images (like those on Docker Hub) don't require a registry entry.
Secret
A secret is an encrypted value — typically a database password, API key, or any sensitive config your container needs. Secrets are created at the organisation level, attached to a project, then wired into a container by mapping each secret to a specific environment-variable name. Decryption happens at deploy time.
Region
A region is a geographic location where Bahriya operates. You choose which regions your container runs in when you create or update it. Deploying to multiple regions improves latency for users worldwide and provides redundancy.
Handle
Every resource in Bahriya (project, container, registry, secret) has a handle — a short, lowercase, URL-safe identifier automatically generated from the resource name when you create it (e.g. my-api, prod-db-password). Handles are immutable once set and are used in DNS hostnames and internal systems.