diff --git a/pkg/catalogue/catalogue.go b/pkg/catalogue/catalogue.go
index a3dfd297..246a405b 100644
--- a/pkg/catalogue/catalogue.go
+++ b/pkg/catalogue/catalogue.go
@@ -540,6 +540,11 @@ func GetRecipeVersions(recipeName string) (RecipeVersions, error) {
 			return err
 		}
 
+		cl, err := client.New("default") // only required for docker.io registry calls
+		if err != nil {
+			logrus.Fatal(err)
+		}
+
 		versionMeta := make(map[string]ServiceMeta)
 		for _, service := range recipe.Config.Services {
 
@@ -564,7 +569,7 @@ func GetRecipeVersions(recipeName string) (RecipeVersions, error) {
 
 			logrus.Debugf("looking up image: '%s' from '%s'", img, path)
 
-			digest, err := client.GetTagDigest(img)
+			digest, err := client.GetTagDigest(cl, img)
 			if err != nil {
 				logrus.Warn(err)
 				continue
@@ -589,7 +594,7 @@ func GetRecipeVersions(recipeName string) (RecipeVersions, error) {
 	branch := "master"
 	if _, err := repo.Branch("master"); err != nil {
 		if _, err := repo.Branch("main"); err != nil {
-			logrus.Debugf("failed to select branch in '%s'", recipeDir)
+			logrus.Debugf("failed to select branch in %s", recipeDir)
 			logrus.Fatal(err)
 		}
 		branch = "main"
@@ -602,12 +607,12 @@ func GetRecipeVersions(recipeName string) (RecipeVersions, error) {
 		Branch: plumbing.ReferenceName(refName),
 	}
 	if err := worktree.Checkout(checkOutOpts); err != nil {
-		logrus.Debugf("failed to check out '%s' in '%s'", branch, recipeDir)
+		logrus.Debugf("failed to check out %s in %s", branch, recipeDir)
 		logrus.Fatal(err)
 	}
 
-	logrus.Debugf("switched back to '%s' in '%s'", branch, recipeDir)
-	logrus.Debugf("collected '%s' for '%s'", versions, recipeName)
+	logrus.Debugf("switched back to %s in %s", branch, recipeDir)
+	logrus.Debugf("collected %s for %s", versions, recipeName)
 
 	return versions, nil
 }
diff --git a/pkg/client/registry.go b/pkg/client/registry.go
index eac7ab11..893f1f93 100644
--- a/pkg/client/registry.go
+++ b/pkg/client/registry.go
@@ -5,11 +5,14 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"os"
 	"strings"
 
 	"coopcloud.tech/abra/pkg/web"
 	"github.com/docker/distribution/reference"
+	"github.com/docker/docker/client"
 	"github.com/hashicorp/go-retryablehttp"
+	"github.com/sirupsen/logrus"
 )
 
 type RawTag struct {
@@ -33,10 +36,20 @@ func GetRegistryTags(image string) (RawTags, error) {
 }
 
 // getRegv2Token retrieves a registry v2 authentication token.
-func getRegv2Token(image reference.Named) (string, error) {
+func getRegv2Token(cl *client.Client, image reference.Named) (string, error) {
 	img := reference.Path(image)
-	authTokenURL := fmt.Sprintf("https://auth.docker.io/token?service=registry.docker.io&scope=repository:%s:pull", img)
-	req, err := retryablehttp.NewRequest("GET", authTokenURL, nil)
+	tokenURL := "https://auth.docker.io/token"
+	values := fmt.Sprintf("service=registry.docker.io&scope=repository:%s:pull", img)
+
+	username, userOk := os.LookupEnv("DOCKER_USERNAME")
+	password, passOk := os.LookupEnv("DOCKER_PASSWORD")
+	if userOk && passOk {
+		logrus.Debugf("using docker log in credentials for registry token request")
+		values = fmt.Sprintf("%s&grant_type=password&client_id=coopcloud.tech&username=%s&password=%s", values, username, password)
+	}
+
+	fullURL := fmt.Sprintf("%s?%s", tokenURL, values)
+	req, err := retryablehttp.NewRequest("GET", fullURL, nil)
 	if err != nil {
 		return "", err
 	}
@@ -61,9 +74,10 @@ func getRegv2Token(image reference.Named) (string, error) {
 	}
 
 	tokenRes := struct {
-		Token  string
-		Expiry string
-		Issued string
+		AccessToken string `json:"access_token"`
+		Expiry      int    `json:"expires_in"`
+		Issued      string `json:"issued_at"`
+		Token       string `json:"token"`
 	}{}
 
 	if err := json.Unmarshal(body, &tokenRes); err != nil {
@@ -74,7 +88,7 @@ func getRegv2Token(image reference.Named) (string, error) {
 }
 
 // GetTagDigest retrieves an image digest from a v2 registry
-func GetTagDigest(image reference.Named) (string, error) {
+func GetTagDigest(cl *client.Client, image reference.Named) (string, error) {
 	img := reference.Path(image)
 	tag := image.(reference.NamedTagged).Tag()
 	manifestURL := fmt.Sprintf("https://index.docker.io/v2/%s/manifests/%s", img, tag)
@@ -84,11 +98,15 @@ func GetTagDigest(image reference.Named) (string, error) {
 		return "", err
 	}
 
-	token, err := getRegv2Token(image)
+	token, err := getRegv2Token(cl, image)
 	if err != nil {
 		return "", err
 	}
 
+	if token == "" {
+		logrus.Fatal("unable to retrieve registry token?")
+	}
+
 	req.Header = http.Header{
 		"Accept": []string{
 			"application/vnd.docker.distribution.manifest.v2+json",