diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 07ce4b6d715..e55ca6f9c6b 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -176,6 +176,16 @@ production: &base
     repository_archive_cache_worker:
       cron: "0 * * * *"
 
+  registry:
+    # enabled: true
+    # host: localhost
+    # port: 5000
+    # https: false
+    # internal_host: localhost
+    # key: config/registry.key
+    # issuer: omnibus-certificate
+    # path: shared/registry
+
   #
   # 2. GitLab CI settings
   # ==========================
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 01ee8a0d525..b94f3f2f901 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -275,6 +275,7 @@ Settings.registry['registry']     = false if Settings.registry['enabled'].nil?
 Settings.registry['path']         = File.expand_path(Settings.registry['path'] || File.join(Settings.shared['path'], "registry"), Rails.root)
 Settings.registry['host']         ||= "example.com"
 Settings.registry['internal_host']||= "localhost"
+Settings.registry['key']          ||= nil
 Settings.registry['https']        = false if Settings.registry['https'].nil?
 Settings.registry['port']         ||= Settings.registry.https ? 443 : 80
 Settings.registry['protocol']     ||= Settings.registry.https ? "https" : "http"
diff --git a/lib/api/auth.rb b/lib/api/auth.rb
index ec944b1dc8c..d769c692754 100644
--- a/lib/api/auth.rb
+++ b/lib/api/auth.rb
@@ -119,12 +119,13 @@ module API
             name: @path,
             actions: @actions
           ],
+          iss: Gitlab.config.registry.issuer,
           exp: Time.now.to_i + 3600
         }
       end
 
       def private_key
-        @private_key ||= OpenSSL::PKey::RSA.new File.read 'config/registry.key'
+        @private_key ||= OpenSSL::PKey::RSA.new File.read Gitlab.config.registry.key
       end
 
       def encode(payload)