diff --git a/secrets/match.go b/secrets/match.go
new file mode 100644
index 00000000..4d9cd31d
--- /dev/null
+++ b/secrets/match.go
@@ -0,0 +1,52 @@
+package secrets
+
+import (
+ "net/url"
+ "strings"
+)
+
+func registryMatches(imageRegistry, secretRegistry string) bool {
+
+ if imageRegistry == secretRegistry {
+ return true
+ }
+
+ imageRegistry = stripScheme(imageRegistry)
+ secretRegistry = stripScheme(secretRegistry)
+
+ if imageRegistry == secretRegistry {
+ return true
+ }
+
+ // checking domains only
+ if domainOnly(imageRegistry) == domainOnly(secretRegistry) {
+ return true
+ }
+
+ // stripping any paths
+ irh, err := url.Parse("https://" + imageRegistry)
+ if err != nil {
+ return false
+ }
+ srh, err := url.Parse("https://" + secretRegistry)
+ if err != nil {
+ return false
+ }
+
+ if irh.Hostname() == srh.Hostname() {
+ return true
+ }
+
+ return false
+}
+
+func stripScheme(url string) string {
+
+ if strings.HasPrefix(url, "http://") {
+ return strings.TrimPrefix(url, "http://")
+ }
+ if strings.HasPrefix(url, "https://") {
+ return strings.TrimPrefix(url, "https://")
+ }
+ return url
+}
diff --git a/secrets/match_test.go b/secrets/match_test.go
new file mode 100644
index 00000000..162b0c1a
--- /dev/null
+++ b/secrets/match_test.go
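Review bot: The final comparison in registryMatches, `irh.Hostname() == srh.Hostname()`, discards the port as well as the scheme and path, so a pull secret stored for `registry.example:443` (constructed example) is also treated as a match for `http://registry.example:5000`, and its credentials could be handed to a different service on that host or used over plain HTTP. If port-insensitivity is only meant to cover the default port, reject explicit ports that differ before comparing hosts, e.g. `if irh.Port() != "" && srh.Port() != "" && irh.Port() != srh.Port() { return false }`; `domainOnly` is defined outside this hunk and would need the same treatment if it also drops the port. Two inputs without a host part (an empty string and a bare path, for instance) both yield an empty `Hostname()` and compare equal, so the last check should also require `irh.Hostname() != ""`. Separately, stripScheme's parameter `url` shadows the imported `net/url` package; naming it `rawURL` avoids that.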
@@ -0,0 +1,68 @@
+package secrets
+
+import "testing"
+
+func Test_registryMatches(t *testing.T) {
+ type args struct {
+ imageRegistry string
+ secretRegistry string
+ }
+ tests := []struct {
+ name string
+ args args
+ want bool
+ }{
+ {
+ name: "matches",
+ args: args{imageRegistry: "docker.io", secretRegistry: "docker.io"},
+ want: true,
+ },
+ {
+ name: "doesnt match",
+ args: args{imageRegistry: "docker.io", secretRegistry: "index.docker.io"},
+ want: false,
+ },
+ {
+ name: "matches, secret with port",
+ args: args{imageRegistry: "docker.io", secretRegistry: "docker.io:443"},
+ want: true,
+ },
+ {
+ name: "matches, image with port",
+ args: args{imageRegistry: "docker.io:443", secretRegistry: "docker.io"},
+ want: true,
+ },
+ {
+ name: "matches, image with scheme",
+ args: args{imageRegistry: "https://docker.io", secretRegistry: "docker.io"},
+ want: true,
+ },
+ {
+ name: "matches, secret with scheme",
+ args: args{imageRegistry: "docker.io", secretRegistry: "https://docker.io"},
+ want: true,
+ },
+ {
+ name: "matches, both with scheme",
+ args: args{imageRegistry: "https://docker.io", secretRegistry: "https://docker.io"},
+ want: true,
+ },
+ {
+ name: "matches, both with scheme and port",
+ args: args{imageRegistry: "https://docker.io:443", secretRegistry: "https://docker.io:443"},
+ want: true,
+ },
+ {
+ name: "matches, both with scheme and port and a URL path in the secret",
+ args: args{imageRegistry: "https://docker.io:443", secretRegistry: "https://docker.io:443/v1"},
+ want: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if got := registryMatches(tt.args.imageRegistry, tt.args.secretRegistry); got != tt.want {
+ t.Errorf("registryMatches() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
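Review bot: The table in Test_registryMatches has a single negative case, so nothing pins which registries must not share a secret. Cases for two different explicit ports, for `http://` against `https://`, and for a look-alike host would make the intended credential scope explicit, e.g. `{name: "look-alike host", args: args{imageRegistry: "docker.io.example", secretRegistry: "docker.io"}, want: false},`. For the port and scheme cases, set `want` to the intended policy; with the matcher as written in match.go both would presumably return true, which is worth confirming as deliberate. Inputs with an empty registry or a bare path are also untested.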