Core Concepts
Understanding a handful of key terms will help you navigate Bahriya confidently.
Organisation
An organisation is your top-level account. Everything you create — projects, registries, secrets, containers — belongs to an organisation. Billing is also tracked at the organisation level.
Project
A project groups related resources together. All the containers, secrets, and registries within a project share an isolated environment in each region they run in.
Container
A container is a running instance of a container image (any OCI-compliant image). In Bahriya, a container is the primary unit of deployment. You configure what image to run, what port it listens on, how much CPU and memory it needs, which regions it should run in, and what secrets or environment variables it should have access to.
Registry
A registry is a container image registry — for example, Docker Hub, GitHub Container Registry, or your own private registry. Any OCI-compliant registry is supported. If your image is in a private registry, you add the registry credentials to Bahriya so it can pull the image when deploying your container. Public images (like those on Docker Hub) don't require a registry entry.
Secret
A secret is an encrypted key-value pair — typically a database password, API key, or any sensitive config your container needs. Secrets are stored encrypted and injected into your container as environment variables at runtime. You link specific secrets to specific containers.
Region
A region is a geographic location where Bahriya operates. You choose which regions your container runs in when you create or update it. Deploying to multiple regions improves latency for users worldwide and provides redundancy.
Handle
Every resource in Bahriya (project, container, registry, secret) has a handle — a short, lowercase, URL-safe identifier automatically generated from the resource name when you create it (e.g. my-api, prod-db-password). Handles are immutable once set and are used in DNS hostnames and internal systems.
