We currently use DO firewall rules to limit access to our apps and DBs hosted on DO. However, we cannot do that for the DO container registries, and it would be an essential security feature. I would have expected this to be possible within the DO admin panel, but it's currently not supported. We'd rather not setup our own container registry in DO and then use the firewall rules to limit access to it, if a built-in solution can be provided.