diff --git a/api/http/handler/registries/registry_configure.go b/api/http/handler/registries/registry_configure.go
index 8cbd8547c..a1074eeb5 100644
--- a/api/http/handler/registries/registry_configure.go
+++ b/api/http/handler/registries/registry_configure.go
@@ -125,26 +125,23 @@ func (handler *Handler) registryConfigure(w http.ResponseWriter, r *http.Request
 		return httperror.InternalServerError("Unable to find a registry with the specified identifier inside the database", err)
 	}
 
-	registry.ManagementConfiguration = &portainer.RegistryManagementConfiguration{
-		Type: registry.Type,
-	}
-
 	if payload.Authentication {
-		registry.ManagementConfiguration.Authentication = true
-		registry.ManagementConfiguration.Username = payload.Username
-		if payload.Username == registry.Username && payload.Password == "" {
-			registry.ManagementConfiguration.Password = registry.Password
-		} else {
-			registry.ManagementConfiguration.Password = payload.Password
+		registry.Authentication = true
+
+		registry.Username = payload.Username
+
+		if payload.Password != "" {
+			registry.Password = payload.Password
 		}
 
 		if payload.Region != "" {
-			registry.ManagementConfiguration.Ecr.Region = payload.Region
+			registry.Ecr.Region = payload.Region
 		}
 	}
 
+	var tlsConfig portainer.TLSConfiguration
 	if payload.TLS {
-		registry.ManagementConfiguration.TLSConfig = portainer.TLSConfiguration{
+		tlsConfig = portainer.TLSConfiguration{
 			TLS:           true,
 			TLSSkipVerify: payload.TLSSkipVerify,
 		}
@@ -156,22 +153,25 @@ func (handler *Handler) registryConfigure(w http.ResponseWriter, r *http.Request
 			if err != nil {
 				return httperror.InternalServerError("Unable to persist TLS certificate file on disk", err)
 			}
-			registry.ManagementConfiguration.TLSConfig.TLSCertPath = certPath
+			tlsConfig.TLSCertPath = certPath
 
 			keyPath, err := handler.FileService.StoreRegistryManagementFileFromBytes(folder, "key.pem", payload.TLSKeyFile)
 			if err != nil {
 				return httperror.InternalServerError("Unable to persist TLS key file on disk", err)
 			}
-			registry.ManagementConfiguration.TLSConfig.TLSKeyPath = keyPath
+			tlsConfig.TLSKeyPath = keyPath
 
 			cacertPath, err := handler.FileService.StoreRegistryManagementFileFromBytes(folder, "ca.pem", payload.TLSCACertFile)
 			if err != nil {
 				return httperror.InternalServerError("Unable to persist TLS CA certificate file on disk", err)
 			}
-			registry.ManagementConfiguration.TLSConfig.TLSCACertPath = cacertPath
+			tlsConfig.TLSCACertPath = cacertPath
 		}
 	}
 
+	registry.ManagementConfiguration = syncConfig(registry)
+	registry.ManagementConfiguration.TLSConfig = tlsConfig
+
 	err = handler.DataStore.Registry().UpdateRegistry(registry.ID, registry)
 	if err != nil {
 		return httperror.InternalServerError("Unable to persist registry changes inside the database", err)
diff --git a/api/http/handler/registries/registry_create.go b/api/http/handler/registries/registry_create.go
index 8da875a3f..124e0795f 100644
--- a/api/http/handler/registries/registry_create.go
+++ b/api/http/handler/registries/registry_create.go
@@ -119,6 +119,8 @@ func (handler *Handler) registryCreate(w http.ResponseWriter, r *http.Request) *
 		Ecr:              payload.Ecr,
 	}
 
+	registry.ManagementConfiguration = syncConfig(registry)
+
 	registries, err := handler.DataStore.Registry().Registries()
 	if err != nil {
 		return httperror.InternalServerError("Unable to retrieve registries from the database", err)
diff --git a/api/http/handler/registries/registry_update.go b/api/http/handler/registries/registry_update.go
index 4e03baf20..efe36987c 100644
--- a/api/http/handler/registries/registry_update.go
+++ b/api/http/handler/registries/registry_update.go
@@ -140,6 +140,8 @@ func (handler *Handler) registryUpdate(w http.ResponseWriter, r *http.Request) *
 		}
 	}
 
+	registry.ManagementConfiguration = syncConfig(registry)
+
 	if payload.URL != nil {
 		shouldUpdateSecrets = shouldUpdateSecrets || (*payload.URL != registry.URL)
 
@@ -183,6 +185,21 @@ func (handler *Handler) registryUpdate(w http.ResponseWriter, r *http.Request) *
 	return response.JSON(w, registry)
 }
 
+func syncConfig(registry *portainer.Registry) *portainer.RegistryManagementConfiguration {
+	config := registry.ManagementConfiguration
+	if config == nil {
+		config = &portainer.RegistryManagementConfiguration{}
+	}
+
+	config.Authentication = registry.Authentication
+	config.Username = registry.Username
+	config.Password = registry.Password
+	config.Ecr = registry.Ecr
+	config.Type = registry.Type
+
+	return config
+}
+
 func (handler *Handler) updateEndpointRegistryAccess(endpoint *portainer.Endpoint, registry *portainer.Registry, endpointAccess portainer.RegistryAccessPolicies) error {
 
 	cli, err := handler.K8sClientFactory.GetKubeClient(endpoint)
diff --git a/app/portainer/models/registry.js b/app/portainer/models/registry.js
index 22174f411..6562bd8c7 100644
--- a/app/portainer/models/registry.js
+++ b/app/portainer/models/registry.js
@@ -18,7 +18,8 @@ export function RegistryViewModel(data) {
 }
 
 export function RegistryManagementConfigurationDefaultModel(registry) {
-  this.Authentication = false;
+  this.Authentication = registry.Authentication;
+  this.Username = registry.Username;
   this.Password = '';
   this.TLS = false;
   this.TLSSkipVerify = false;