Add way to configure image registries without secret store integration for fedramp_high #11196

Merged: nikitassharma merged 8 commits into main from emily/registries-do on Dec 17, 2025

emily-shen commented Nov 6, 2025

Normally, we want to use secret-store to store credentials for image registries.

However, secret store is not available in fedramp_moderate, and containers will be. If FRH is detected, wrangler will not create a secret store but rather pass the secret directly to the container control plane to handle.


  • Tests
    • Tests included
    • Tests not necessary because:
  • Public documentation
    • Cloudflare docs PR(s):
    • Documentation not necessary because: FRH for containers not currently documented
  • Wrangler V3 Backport
    • Wrangler PR:
    • Not necessary because: not in v3

changeset-bot bot commented Nov 6, 2025

🦋 Changeset detected

Latest commit: 913738a

The changes in this PR will be included in the next version bump.

pkg-pr-new bot commented Nov 6, 2025

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@11196

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@11196

miniflare

npm i https://pkg.pr.new/miniflare@11196

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@11196

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@11196

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@11196

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@11196

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@11196

@cloudflare/workers-utils

npm i https://pkg.pr.new/@cloudflare/workers-utils@11196

wrangler

npm i https://pkg.pr.new/wrangler@11196

commit: 913738a

nikitassharma changed the title from "Add way to configure image registries without secret store integration, and add fedramp_moderate" to "Add way to configure image registries without secret store integration for fedramp_high" on Dec 17, 2025
claude bot commented Dec 17, 2025

Claude finished @emily-shen's task


Changeset Review

Reviewing changeset file: .changeset/evil-paws-check.md

  • Read changeset guidelines
  • Read changeset file
  • Validate version types
  • Check changelog quality
  • Check for markdown header violations
  • Provide findings

⚠️ Issues found

Changelog Quality Issues:

The changeset description is too brief and doesn't follow the guidelines for new features (minor version bumps). According to .changeset/README.md:

  1. Missing Usage Example: For new features, the guidelines require "a brief usage example" to help users understand how to use the new functionality. The current description only explains what changed internally but doesn't show users how to actually configure registries for FedRAMP High environments.

  2. Lacks User-Facing Context: The description focuses on implementation details ("registry credentials are encrypted by the container platform") rather than explaining:

    • What the new capability enables for users
    • How users would configure registries in FedRAMP High environments
    • Any new commands, flags, or configuration options

Suggested Improvement:

The changeset should include:

  • A clear explanation of what users can now do
  • A concrete example showing how to configure image registries for FedRAMP High
  • Any relevant command syntax or configuration format

Example format:

Add support for configuring image registries in FedRAMP High environments

You can now configure container image registries in FedRAMP High environments. When deploying to a FedRAMP High region, wrangler will automatically send registry credentials directly to the container control plane instead of using the secret store (which is not available in FedRAMP High).

Usage example showing the command or configuration would go here.

No issues with:

  • ✅ Version types (both minor for new feature, no major for wrangler)
  • ✅ Markdown headers (no h1/h2/h3 headers used)
  • ✅ Package coverage (both affected packages listed)

nikitassharma marked this pull request as ready for review December 17, 2025 16:28
nikitassharma requested review from a team as code owners December 17, 2025 16:28
github-project-automation bot moved this from Untriaged to Approved in workers-sdk Dec 17, 2025
nikitassharma merged commit 171cfd9 into main Dec 17, 2025
48 of 50 checks passed
nikitassharma deleted the emily/registries-do branch December 17, 2025 18:24
github-project-automation bot moved this from Approved to Done in workers-sdk Dec 17, 2025
AmirSa12 pushed a commit to AmirSa12/workers-sdk that referenced this pull request Jan 5, 2026
…n for `fedramp_high` (cloudflare#11196)

* Fix nits from cloudflare#10605

* non-secret-store mode

* update containers api client

* clean up fedramp region code

* add tests

* changeset

* containers-shared minor

* prettify

---------

Co-authored-by: Nikita Sharma <nsharma@cloudflare.com>