Creating and managing repositories

This page describes how to add, view, and delete Artifact Registry repositories.

Before you begin

  1. Enable Artifact Registry, including enabling the Artifact Registry API and installing Cloud SDK.
  2. (Optional) Configure defaults for gcloud commands.

Overview

You must create a repository before you can upload artifacts. Each repository can contain artifacts for a single supported format.

All repository content is encrypted using either Google-managed or customer-managed encryption keys. Artifact Registry uses Google-managed encryption keys by default and no configuration is required for this option.

Setting up CMEK for repositories

By default, Google Cloud automatically encrypts data when it is at rest with Google-managed encryption keys that you manage in Cloud Key Management Service (KMS). If you have specific compliance or regulatory requirements related to the keys that protect your data, you can create repositories that use customer-managed-encryption keys (CMEK) to encrypt repository content.

Before you create a repository that you want to encrypt with CMEK, you must create and enable a key in Cloud KMS. You can then assign the key to the repository when you create it.

You cannot change the encryption mechanism of an existing repository. If you have a CMEK-encrypted repository, you cannot change the encryption mechanism to Google default encryption or assign a different Cloud KMS key for encryption.

Creating repositories

When you create a repository, you must choose the following settings:

You cannot change these settings after you create the repository.

The following table summarizes the available artifact formats, the corresponding repository for the format, and the value to use for creating the repository with the gcloud command-line tool.

Artifact Repository format gcloud setting
Container images or Helm charts Docker docker
Java packages Maven maven
Node.js packages npm npm
Python packages Python python
Debian packages (Preview) APT apt
RPM packages (Preview) Yum yum

To create and configure a new repository:

  1. If you are using CMEK to encrypt repository data, create the key you will use with this repository and grant permissions to use the key. See Enabling customer-managed encryption keys.

  2. Add the repository.

    Console

    1. Open the Repositories page in the Cloud Console.

      Open the Repositories page

    2. Click Create Repository.

    3. Specify the repository name. For each repository location in a project, repository names must be unique.

    4. Specify the repository format.

    5. If you are creating a Maven repository, configure the repository version policy.

      1. Choose a version policy:

        • None - No version policy. Store both release and snapshot packages.
        • Release - Store only release packages.
        • Snapshot - Store only snapshot packages.
      2. If you want the repository to accept non-unique snapshots that overwrite existing versions in the repository, select Allow snapshot overwrites.

    6. Under Location Type, choose the location for the repository:

      1. Choose the location type: Region or Multi-Region. The list of locations changes to reflect your selection.

      2. In the Region or Multi-region list, select a location.

      For information about location types and supported locations, see Repository locations

    7. Add a description for the repository. Descriptions help to identify the purpose of the repository and the kind of artifacts it contains.

      Do not include sensitive data, since repository descriptions are not encrypted.

    8. If you want to use labels to organize your repositories, click Add Label and enter the key-value pair for the label. You can add, edit, or remove labels after you create the repository.

    9. In the Encryption section, choose the encryption mechanism for the repository.

      • Google-managed key - Encrypt repository content with a Google-managed encryption key.
      • Customer-managed key - Encrypt repository content with a key that you control through Cloud Key Management Service. For key setup instructions, see Setting up CMEK for repositories.
    10. Click Create.

    gcloud

    Run the command to create a new repository.

    gcloud artifacts repositories create REPOSITORY \
        --repository-format=FORMAT \
        [--location=LOCATION] \
        [--description="DESCRIPTION"] \
        [--kms-key=KMS-KEY] \
        [--async] \
    
    • REPOSITORY is the name of the repository. For each repository location in a project, repository names must be unique.
    • FORMAT is the repository format.
    • LOCATION is the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:

      gcloud artifacts locations list
      
    • DESCRIPTION is a description of the repository. Do not include sensitive data, since repository descriptions are not encrypted.

    • KMS-KEY is the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:

      projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
      

      Where

      • KMS-PROJECT is the project where your key is stored.
      • KMS-LOCATION is the location of the key.
      • KEY-RING is the name of the key ring.
      • KEY is the name of the key.
    • --async returns immediately, without waiting for the operation in progress to complete.

    By default, Maven repositories store both snapshot and release versions of packages. If you want to store snapshot and release versions in different repositories, specify the version policy for the repository when you create it.

    gcloud artifacts repositories create REPOSITORY \
        --repository-format=FORMAT \
        [--location=LOCATION] \
        [--description="DESCRIPTION"] \
        [--kms-key=KMS-KEY] \
        [--version-policy=VERSION-POLICY] \
        [--allow-snapshot-overwrites] \
        [--async] \
    

    The following flags are specific to Maven repositories:

    --version-policy=VERSION-POLICY
    Specifies the types of packages to store in the repository. You can set VERSION-POLICY to:
    • None - No version policy. Store both release and snapshot packages. If you do not include the --version-policy flag in your command, this is the default setting.
    • Release - Store only release packages.
    • Snapshot - Store only snapshot packages.
    --allow-snapshot-overwrites

    If you specify this flag, you can publish non-unique snapshots that overwrite existing versions in the repository.

    Terraform

    For information about using Terraform to provision repositories and grant repository permissions, see Integrating with Terraform.

  3. Grant permissions for accessing the repository.

    If you have granted any Artifact Registry roles at the project level, those roles are inherited by repositories in the project. If you want team members to have different levels of access to the repositories in your project, grant roles at the repository level.

  4. To interact with repositories from Docker or package managers, you must configure authentication for those tools. Refer to the appropriate page:

Labelling repositories

A label is a key-value pair that you can use to identify and group related repositories such as stage:production or team:development. For more information, see Creating and managing labels.

Updating the repository description

You can update the description of an existing repository with the following command:

gcloud artifacts repositories update REPOSITORY [--project=PROJECT] \
[--location=LOCATION] --description="DESCRIPTION"

WHERE

  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.
  • PROJECT is the Google Cloud project ID. If this flag is omitted, the current or default project is used.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.
  • DESCRIPTION is a description for the repository.

For more information about the command, run the following command:

 gcloud artifacts repositories update --help

Viewing repositories

You can view repositories within a Google Cloud project.

To view a list of repositories:

Console

Open the Repositories page in the Cloud Console.

Open the Repositories page

The page displays a list of your repositories.

To filter the Artifact Registry repository list:

  1. Above the repository list, click Filter Table.
  2. Choose a filter from the filter list.
  3. Specify the value that you want to use for filtering the list.

gcloud

To list existing repositories, run the following command:

gcloud artifacts repositories list [--project=PROJECT] \
[--location=LOCATION]

To view the type of encryption configured for a repository, run the following command:

gcloud artifacts repositories describe REPOSITORY \
[--project=PROJECT] [--location=LOCATION]

In these commands, replace the following values:

  • PROJECT is the project ID. If this flag is omitted, the current or default project is used.
  • REPOSITORY is the name of the repository.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. You can also use --location=all to list repositories across all locations.

    If you omit this flag, the command uses the default location if a default is configured. Otherwise, omitting this flag lists repositories across all locations.

For more information about the command, run the following command:

 gcloud artifacts repositories list --help

Deleting repositories

Before you remove a repository, ensure that any packages that you want to keep are available in another location.

To delete a repository:

Console

  1. Open the Repositories page in the Cloud Console.

    Open the Repositories page

  2. In the repository list, select the repository to delete.

  3. Click Delete.

gcloud

To delete the a repository, run the following command:

gcloud artifacts repositories delete REPOSITORY \
[--location=LOCATION] [--async]

Where

  • REPOSITORY is the name of the repository.
  • LOCATION is the regional or multi-regional location for the repository. You can omit this flag if you set a default.
  • --async returns immediately, without waiting for the operation in progress to complete.

For more information about the command, run the following command:

 gcloud artifacts repositories delete --help

What's next

  • Configure access to your repositories