diff --git a/registry/auths/auth.go b/registry/auths/auth.go
index d5db308..7cef9ce 100644
--- a/registry/auths/auth.go
+++ b/registry/auths/auth.go
@@ -63,6 +63,21 @@ func ParseBytes(b []byte) ([]*drone.Registry, error) {
 	return Parse(bytes.NewReader(b))
 }
 
+// Encode returns the json marshaled, base64 encoded
+// credential string that can be passed to the docker
+// registry authentication header.
+func Encode(username, password string) string {
+	v := struct {
+		Username string `json:"username,omitempty"`
+		Password string `json:"password,omitempty"`
+	}{
+		Username: username,
+		Password: password,
+	}
+	buf, _ := json.Marshal(&v)
+	return base64.URLEncoding.EncodeToString(buf)
+}
+
 // encode returns the encoded credentials.
 func encode(username, password string) string {
 	return base64.StdEncoding.EncodeToString(
diff --git a/registry/auths/auth_test.go b/registry/auths/auth_test.go
index 069a27a..fde63d1 100644
--- a/registry/auths/auth_test.go
+++ b/registry/auths/auth_test.go
@@ -5,6 +5,8 @@
 package auths
 
 import (
+	"bytes"
+	"encoding/base64"
 	"os"
 	"testing"
 
@@ -101,6 +103,21 @@ func TestDecodeInvalid(t *testing.T) {
 	}
 }
 
+func TestEncode(t *testing.T) {
+	username := "octocat"
+	password := "correct-horse-battery-staple"
+	result := Encode(username, password)
+	got, err := base64.URLEncoding.DecodeString(result)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	want := []byte(`{"username":"octocat","password":"correct-horse-battery-staple"}`)
+	if bytes.Equal(got, want) == false {
+		t.Errorf("Could not decode credential header")
+	}
+}
+
 var sample = `{
 	"auths": {
 		"https://index.docker.io/v1/": {