diff --git a/cmd/buildkitd/config/config.go b/cmd/buildkitd/config/config.go
index f296e6cd2c6e5..5c07816bdd80c 100644
--- a/cmd/buildkitd/config/config.go
+++ b/cmd/buildkitd/config/config.go
@@ -1,6 +1,9 @@
 package config
 
-import "github.com/BurntSushi/toml"
+import (
+	"github.com/BurntSushi/toml"
+	"github.com/moby/buildkit/util/resolver"
+)
 
 // Config provides containerd configuration data for the server
 type Config struct {
@@ -9,7 +12,7 @@ type Config struct {
 	// Root is the path to a directory where buildkit will store persistent data
 	Root string `toml:"root"`
 
-	//Entitlements e.g. security.insecure, network.host
+	// Entitlements e.g. security.insecure, network.host
 	Entitlements []string `toml:"insecure-entitlements"`
 	// GRPC configuration settings
 	GRPC GRPCConfig `toml:"grpc"`
@@ -35,19 +38,8 @@ type GRPCConfig struct {
 	// MaxSendMsgSize int    `toml:"max_send_message_size"`
 }
 
-type RegistryConfig struct {
-	Mirrors      []string     `toml:"mirrors"`
-	PlainHTTP    *bool        `toml:"http"`
-	Insecure     *bool        `toml:"insecure"`
-	RootCAs      []string     `toml:"ca"`
-	KeyPairs     []TLSKeyPair `toml:"keypair"`
-	TLSConfigDir []string     `toml:"tlsconfigdir"`
-}
-
-type TLSKeyPair struct {
-	Key         string `toml:"key"`
-	Certificate string `toml:"cert"`
-}
+type RegistryConfig = resolver.RegistryConfig
+type TLSKeyPair = resolver.TLSKeyPair
 
 type TLSConfig struct {
 	Cert string `toml:"cert"`
diff --git a/util/resolver/resolver.go b/util/resolver/resolver.go
index 42c940b3d60ad..64b895f73a1f4 100644
--- a/util/resolver/resolver.go
+++ b/util/resolver/resolver.go
@@ -13,12 +13,11 @@ import (
 	"time"
 
 	"github.com/containerd/containerd/remotes/docker"
-	"github.com/moby/buildkit/cmd/buildkitd/config"
 	"github.com/moby/buildkit/util/tracing"
 	"github.com/pkg/errors"
 )
 
-func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHost) ([]docker.RegistryHost, error) {
+func fillInsecureOpts(host string, c RegistryConfig, h docker.RegistryHost) ([]docker.RegistryHost, error) {
 	var hosts []docker.RegistryHost
 
 	tc, err := loadTLSConfig(c)
@@ -65,7 +64,7 @@ func fillInsecureOpts(host string, c config.RegistryConfig, h docker.RegistryHos
 	return hosts, nil
 }
 
-func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) {
+func loadTLSConfig(c RegistryConfig) (*tls.Config, error) {
 	for _, d := range c.TLSConfigDir {
 		fs, err := ioutil.ReadDir(d)
 		if err != nil && !errors.Is(err, os.ErrNotExist) && !errors.Is(err, os.ErrPermission) {
@@ -76,7 +75,7 @@ func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) {
 				c.RootCAs = append(c.RootCAs, filepath.Join(d, f.Name()))
 			}
 			if strings.HasSuffix(f.Name(), ".cert") {
-				c.KeyPairs = append(c.KeyPairs, config.TLSKeyPair{
+				c.KeyPairs = append(c.KeyPairs, TLSKeyPair{
 					Certificate: filepath.Join(d, f.Name()),
 					Key:         filepath.Join(d, strings.TrimSuffix(f.Name(), ".cert")+".key"),
 				})
@@ -115,8 +114,22 @@ func loadTLSConfig(c config.RegistryConfig) (*tls.Config, error) {
 	return tc, nil
 }
 
+type RegistryConfig struct {
+	Mirrors      []string     `toml:"mirrors"`
+	PlainHTTP    *bool        `toml:"http"`
+	Insecure     *bool        `toml:"insecure"`
+	RootCAs      []string     `toml:"ca"`
+	KeyPairs     []TLSKeyPair `toml:"keypair"`
+	TLSConfigDir []string     `toml:"tlsconfigdir"`
+}
+
+type TLSKeyPair struct {
+	Key         string `toml:"key"`
+	Certificate string `toml:"cert"`
+}
+
 // NewRegistryConfig converts registry config to docker.RegistryHosts callback
-func NewRegistryConfig(m map[string]config.RegistryConfig) docker.RegistryHosts {
+func NewRegistryConfig(m map[string]RegistryConfig) docker.RegistryHosts {
 	return docker.Registries(
 		func(host string) ([]docker.RegistryHost, error) {
 			c, ok := m[host]