It is desired to directly pull or push images to self-built image registries like Harbor using ctr images pull or ctr images push. It is known that the Harbor image registry has HTTPS access enabled (i.e., TLS configuration is already in place).

However, from the 【Registry Type Pull Resolve Push】 section of the documentation at https://github.com/containerd/containerd/blob/main/docs/hosts.md , it is unclear whether such self-built HTTPS image registries support setting account credentials (username and password) in configuration files. After researching and testing multiple configurations, no successful results have been achieved. It has been verified that using ctr -n k8s.io i pull --user "user:password" and ctr -n k8s.io i push --user "user:password" works without issues. However, it is not desirable to pass the username and password via the command line terminal every time.

Is it possible to specify account credentials and CA certificate information through hosts.toml to avoid including the --user "user:password" parameter in commands? The current containerd version is v1.7.20.