diff --git a/dashboard/src/js/client.js b/dashboard/src/js/client.js
index f8ffbe8aa..1113ba5d0 100644
--- a/dashboard/src/js/client.js
+++ b/dashboard/src/js/client.js
@@ -1076,7 +1076,7 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
     };
 
     Client.prototype.setUserDirectoryConfig = function (config, callback) {
-        post('/api/v1/settings/directory_server/config', config, null, function (error, data, status) {
+        post('/api/v1/directory_server/config', config, null, function (error, data, status) {
             if (error) return callback(error);
             if (status !== 200) return callback(new ClientError(status, data));
 
@@ -1085,7 +1085,7 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
     };
 
     Client.prototype.getUserDirectoryConfig = function (callback) {
-        get('/api/v1/settings/directory_server/config', null, function (error, data, status) {
+        get('/api/v1/directory_server/config', null, function (error, data, status) {
             if (error) return callback(error);
             if (status !== 200) return callback(new ClientError(status, data));
 
@@ -1218,7 +1218,7 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
     };
 
     Client.prototype.setRegistryConfig = function (rc, callback) {
-        post('/api/v1/settings/registry_config', rc, null, function (error, data, status) {
+        post('/api/v1/docker/registry_config', rc, null, function (error, data, status) {
             if (error) return callback(error);
             if (status !== 200) return callback(new ClientError(status, data));
             callback(null);
@@ -1226,7 +1226,7 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
     };
 
     Client.prototype.getRegistryConfig = function (callback) {
-        get('/api/v1/settings/registry_config', null, function (error, data, status) {
+        get('/api/v1/docker/registry_config', null, function (error, data, status) {
             if (error) return callback(error);
             if (status !== 200) return callback(new ClientError(status, data));
             callback(null, data);
@@ -2018,20 +2018,6 @@ angular.module('Application').service('Client', ['$http', '$interval', '$timeout
         });
     };
 
-    Client.prototype.setCertificate = function (certificateFile, keyFile, callback) {
-        var data = {
-            cert: certificateFile,
-            key: keyFile
-        };
-
-        post('/api/v1/settings/certificate', data, null, function (error, data, status) {
-            if (error) return callback(error);
-            if (status !== 202) return callback(new ClientError(status, data));
-
-            callback(null);
-        });
-    };
-
     Client.prototype.getBlockDevices = function (callback) {
         get('/api/v1/system/block_devices', null, function (error, data, status) {
             if (error) return callback(error);
diff --git a/src/docker.js b/src/docker.js
index a7001932e..ff1304463 100644
--- a/src/docker.js
+++ b/src/docker.js
@@ -1,9 +1,9 @@
 'use strict';
 
 exports = module.exports = {
-    testRegistryConfig,
-    injectPrivateFields,
     removePrivateFields,
+    getRegistryConfig,
+    setRegistryConfig,
 
     ping,
 
@@ -84,15 +84,15 @@ async function ping() {
     throw new BoxError(BoxError.DOCKER_ERROR, 'Unable to ping the docker daemon');
 }
 
-async function getRegistryConfig(image) {
+async function getAuthConfig(image) {
     // https://github.com/docker/distribution/blob/release/2.7/reference/normalize.go#L62
     const parts = image.split('/');
     if (parts.length === 1 || (parts[0].match(/[.:]/) === null)) return null; // public docker registry
 
-    const registryConfig = await settings.getRegistryConfig();
+    const registryConfig = await getRegistryConfig();
 
     // https://github.com/apocas/dockerode#pull-from-private-repos
-    const auth = {
+    const autoConfig = {
         username: registryConfig.username,
         password: registryConfig.password,
         auth: registryConfig.auth || '', // the auth token at login time
@@ -100,15 +100,15 @@ async function getRegistryConfig(image) {
         serveraddress: registryConfig.serverAddress
     };
 
-    return auth;
+    return autoConfig;
 }
 
 async function pullImage(manifest) {
-    const config = await getRegistryConfig(manifest.dockerImage);
+    const authConfig = await getAuthConfig(manifest.dockerImage);
 
-    debug(`pullImage: will pull ${manifest.dockerImage}. auth: ${config ? 'yes' : 'no'}`);
+    debug(`pullImage: will pull ${manifest.dockerImage}. auth: ${authConfig ? 'yes' : 'no'}`);
 
-    const [error, stream] = await safe(gConnection.pull(manifest.dockerImage, { authconfig: config }));
+    const [error, stream] = await safe(gConnection.pull(manifest.dockerImage, { authconfig: authConfig }));
     if (error && error.statusCode === 404) throw new BoxError(BoxError.NOT_FOUND, `Unable to pull image ${manifest.dockerImage}. message: ${error.message} statusCode: ${error.statusCode}`);
     if (error) throw new BoxError(BoxError.DOCKER_ERROR, `Unable to pull image ${manifest.dockerImage}. Please check the network or if the image needs authentication. statusCode: ${error.statusCode}`);
 
@@ -654,3 +654,20 @@ async function update(name, memory, memorySwap) {
 
     throw new BoxError(BoxError.DOCKER_ERROR, 'Unable to update container');
 }
+
+async function getRegistryConfig() {
+    const value = await settings.getJson(settings.REGISTRY_CONFIG_KEY);
+    return value || { provider: 'noop' };
+}
+
+async function setRegistryConfig(registryConfig) {
+    assert.strictEqual(typeof registryConfig, 'object');
+
+    const currentConfig = await getRegistryConfig();
+
+    injectPrivateFields(registryConfig, currentConfig);
+
+    await testRegistryConfig(registryConfig);
+
+    await settings.setJson(settings.REGISTRY_CONFIG_KEY, registryConfig);
+}
diff --git a/src/routes/settings.js b/src/routes/docker.js
similarity index 62%
rename from src/routes/settings.js
rename to src/routes/docker.js
index b16056e13..c08883c17 100644
--- a/src/routes/settings.js
+++ b/src/routes/docker.js
@@ -1,9 +1,8 @@
 'use strict';
 
 exports = module.exports = {
-    set,
-    get,
-
+    getRegistryConfig,
+    setRegistryConfig
 };
 
 const assert = require('assert'),
@@ -11,11 +10,10 @@ const assert = require('assert'),
     docker = require('../docker.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
-    safe = require('safetydance'),
-    settings = require('../settings.js');
+    safe = require('safetydance');
 
 async function getRegistryConfig(req, res, next) {
-    const [error, registryConfig] = await safe(settings.getRegistryConfig());
+    const [error, registryConfig] = await safe(docker.getRegistryConfig());
     if (error) return next(BoxError.toHttpError(error));
 
     next(new HttpSuccess(200, docker.removePrivateFields(registryConfig)));
@@ -32,28 +30,8 @@ async function setRegistryConfig(req, res, next) {
         if ('password' in req.body && typeof req.body.password !== 'string') return next(new HttpError(400, 'password is required'));
     }
 
-    const [error] = await safe(settings.setRegistryConfig(req.body));
+    const [error] = await safe(docker.setRegistryConfig(req.body));
     if (error) return next(BoxError.toHttpError(error));
 
     next(new HttpSuccess(200));
 }
-
-function get(req, res, next) {
-    assert.strictEqual(typeof req.params.setting, 'string');
-
-    switch (req.params.setting) {
-    case settings.REGISTRY_CONFIG_KEY: return getRegistryConfig(req, res, next);
-
-    default: return next(new HttpError(404, 'No such setting'));
-    }
-}
-
-function set(req, res, next) {
-    assert.strictEqual(typeof req.body, 'object');
-
-    switch (req.params.setting) {
-    case settings.REGISTRY_CONFIG_KEY: return setRegistryConfig(req, res, next);
-
-    default: return next(new HttpError(404, 'No such setting'));
-    }
-}
diff --git a/src/routes/index.js b/src/routes/index.js
index 342bc5c59..619c66667 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -10,6 +10,7 @@ exports = module.exports = {
     branding: require('./branding.js'),
     cloudron: require('./cloudron.js'),
     directoryServer: require('./directoryserver.js'),
+    docker: require('./docker.js'),
     domains: require('./domains.js'),
     eventlog: require('./eventlog.js'),
     externalLdap: require('./externalldap.js'),
@@ -24,7 +25,6 @@ exports = module.exports = {
     provision: require('./provision.js'),
     reverseProxy: require('./reverseproxy.js'),
     services: require('./services.js'),
-    settings: require('./settings.js'),
     support: require('./support.js'),
     system: require('./system.js'),
     tasks: require('./tasks.js'),
diff --git a/src/server.js b/src/server.js
index 58383acf0..f8f64c99f 100644
--- a/src/server.js
+++ b/src/server.js
@@ -327,9 +327,9 @@ async function initializeExpressSync() {
     router.get ('/api/v1/network/ipv4',              token, authorizeAdmin, routes.network.getIPv4);
     router.get ('/api/v1/network/ipv6',              token, authorizeAdmin, routes.network.getIPv6);
 
-    // settings routes (these are for the settings tab - avatar & name have public routes for normal users. see above)
-    router.get ('/api/v1/settings/:setting',            token, authorizeAdmin, routes.settings.get);
-    router.post('/api/v1/settings/:setting',      json, token, authorizeAdmin, routes.settings.set);
+    // docker
+    router.get ('/api/v1/docker/registry_config',            token, authorizeAdmin, routes.docker.getRegistryConfig);
+    router.post('/api/v1/docker/registry_config',      json, token, authorizeAdmin, routes.docker.setRegistryConfig);
 
     // email routes
     router.get ('/api/v1/mailserver/eventlog',                token, authorizeOwner, routes.mailserver.proxy);
diff --git a/src/settings.js b/src/settings.js
index 1a3b6bbbf..5e05d60b6 100644
--- a/src/settings.js
+++ b/src/settings.js
@@ -1,9 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    getRegistryConfig,
-    setRegistryConfig,
-
     initCache,
 
     // these values come from the cache
@@ -83,7 +80,6 @@ exports = module.exports = {
 const assert = require('assert'),
     database = require('./database.js'),
     debug = require('debug')('box:settings'),
-    docker = require('./docker.js'),
     safe = require('safetydance');
 
 const SETTINGS_FIELDS = [ 'name', 'value' ].join(',');
@@ -91,10 +87,6 @@ const SETTINGS_BLOB_FIELDS = [ 'name', 'valueBlob' ].join(',');
 
 const gDefaults = (function () {
     const result = { };
-    result[exports.REGISTRY_CONFIG_KEY] = {
-        provider: 'noop'
-    };
-
     result[exports.DASHBOARD_DOMAIN_KEY] = '';
     result[exports.DASHBOARD_FQDN_KEY] = '';
     result[exports.MAIL_DOMAIN_KEY] = '';
@@ -159,24 +151,6 @@ async function clear() {
     await database.query('DELETE FROM settings');
 }
 
-async function getRegistryConfig() {
-    const value = await get(exports.REGISTRY_CONFIG_KEY);
-    if (value === null) return gDefaults[exports.REGISTRY_CONFIG_KEY];
-    return JSON.parse(value);
-}
-
-async function setRegistryConfig(registryConfig) {
-    assert.strictEqual(typeof registryConfig, 'object');
-
-    const currentConfig = await getRegistryConfig();
-
-    docker.injectPrivateFields(registryConfig, currentConfig);
-
-    await docker.testRegistryConfig(registryConfig);
-
-    await set(exports.REGISTRY_CONFIG_KEY, JSON.stringify(registryConfig));
-}
-
 async function list() {
     const settings = await database.query(`SELECT ${SETTINGS_FIELDS} FROM settings WHERE value IS NOT NULL ORDER BY name`);