Creating and managing repositories

This page describes how to add, view, and delete Artifact Registry repositories.

Before you begin

  1. Enable Artifact Registry, including enabling the Artifact Registry API and installing Cloud SDK.
  2. (Optional) Configure defaults for gcloud commands.

Overview

You must create a repository before you can upload artifacts. Each repository can contain artifacts for a single supported format.

All repository content is encrypted using either Google-managed or customer-managed encryption keys. Artifact Registry uses Google-managed encryption keys by default and no configuration is required for this option.

Setting up CMEK for repositories

By default, Google Cloud automatically encrypts data when it is at rest with Google-managed encryption keys that you manage in Cloud Key Management Service. If you have specific compliance or regulatory requirements related to the keys that protect your data, you can create repositories that use customer-managed-encryption keys (CMEK) to encrypt repository content.

Before you create a repository that you want to encrypt with CMEK, you must create and enable a key in Cloud KMS. You can then assign the key to the repository when you create it.

You cannot change the encryption mechanism of an existing repository. If you have a CMEK-encrypted repository, you cannot change the encryption mechanism to Google default encryption or assign a different Cloud KMS key for encryption.

Creating repositories

When you create a repository, you must choose the following settings:

You cannot change these settings after you create the repository.

To create and configure a new repository:

  1. If you are using CMEK to encrypt repository data, create the key you will use with this repository and grant permissions to use the key. See Enabling customer-managed encryption keys.

  2. Add the repository.

    Console

    1. Open the Repositories page in the Cloud Console.

      Open the Repositories page

    2. Click Create Repository.

    3. Specify the repository name. For each repository location in a project, repository names must be unique.

    4. Specify the repository format. The following formats are supported:

      • Docker
      • Maven (alpha)
      • npm (alpha)
    5. Under Location Type, choose the location for the repository:

      1. Choose the location type: Region or Multi-Region. The list of locations changes to reflect your selection.

      2. In the Region or Multi-region list, select a location.

      For information about location types and supported locations, see Organizing repositories

    6. Add a description for the repository. Descriptions help to identify the purpose of the repository and the kind of artifacts it contains.

    7. If you want to use labels to organize your repositories, click Add Label and enter the key-value pair for the label. You can add, edit, or remove labels after you create the repository.

    8. In the Encryption section, choose the encryption mechanism for the repository.

      • Google-managed key - Encrypt repository content with a Google-managed encryption key.
      • Customer-managed key - Encrypt repository content with a key that you control through Cloud Key Management Service. For key setup instructions, see Setting up CMEK for repositories.
    9. Click Create.

    gcloud

    Run the following command to create a new repository.

    gcloud artifacts repositories create REPOSITORY \
    --repository-format=FORMAT [--location=LOCATION] \
    [--description=DESCRIPTION] [--kms-key=KMS-KEY] [--async]
    

    Where

    • REPOSITORY is the name of the repository. For each repository location in a project, repository names must be unique.
    • FORMAT is the repository format. Supported values are

      • docker
      • maven (alpha)
      • npm (alpha)
    • LOCATION is the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:

      gcloud artifacts locations list
      
    • DESCRIPTION is a description of the repository.

    • KMS-KEY is the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:

      projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
      

      Where

      • KMS-PROJECT is the project where your key is stored.
      • KMS-LOCATION is the location of the key.
      • KEY-RING is the name of the key ring.
      • KEY is the name of the key.
    • --async returns immediately, without waiting for the operation in progress to complete.

    For more information about the command, run the following command:

     gcloud artifacts repositories create --help
    

    Terraform

    For information about using Terraform to provision repositories and grant repository permissions, see Integrating with Terraform.

  3. Grant permissions for accessing the repository.

    If you have granted any Artifact Registry roles at the project level, those roles are inherited by repositories in the project. If you want team members to have different levels of access to the repositories in your project, grant roles at the repository level.

  4. To interact with repositories from Docker or package managers, you must configure authentication for those tools. Refer to the appropriate page:

Labelling repositories

A label is a key-value pair that you can use to identify and group related repositories such as stage:production or team:development. For more information, see Creating and managing labels.

Updating the repository description

You can update the description of an existing repository with the following command:

gcloud artifacts repositories update REPOSITORY [--project=PROJECT] \
[--location=LOCATION] --description=DESCRIPTION

WHERE

  • REPOSITORY is the name of the repository. If you configured a default repository, you can omit this flag to use the default.
  • PROJECT is the Google Cloud project ID. If this flag is omitted, the current or default project is used.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.
  • DESCRIPTION is a description for the repository.

For more information about the command, run the following command:

 gcloud artifacts repositories update --help

Viewing repositories

You can view repositories within a Google Cloud project.

To view a list of repositories:

Console

Open the Repositories page in the Cloud Console.

Open the Repositories page

The page displays a list of your repositories.

To filter the Artifact Registry repository list:

  1. Above the repository list, click Filter Table.
  2. Choose a filter from the filter list.
  3. Specify the value that you want to use for filtering the list.

gcloud

To list existing repositories, run the following command:

gcloud artifacts repositories list [--project=PROJECT] \
[--location=LOCATION]

To view the type of encryption configured for a repository, run the following command:

gcloud artifacts repositories describe REPOSITORY \
[--project=PROJECT] [--location=LOCATION]

In these commands, replace the following values:

  • PROJECT is the project ID. If this flag is omitted, the current or default project is used.
  • REPOSITORY is the name of the repository.
  • LOCATION is a regional or multi-regional location. Use this flag to view repositories in a specific location. You can also use --location=all to list repositories across all locations.

    If you omit this flag, the command uses the default location if a default is configured. Otherwise, omitting this flag lists repositories across all locations.

For more information about the command, run the following command:

 gcloud artifacts repositories list --help

Deleting repositories

Before you remove a repository, ensure that any packages that you want to keep are available in another location.

To delete a repository:

Console

  1. Open the Repositories page in the Cloud Console.

    Open the Repositories page

  2. In the repository list, select the repository to delete.

  3. Click Delete.

gcloud

To delete the a repository, run the following command:

gcloud artifacts repositories delete REPOSITORY \
[--location=LOCATION] [--async]

Where

  • REPOSITORY is the name of the repository.
  • LOCATION is the regional or multi-regional location for the repository. You can omit this flag if you set a default.
  • --async returns immediately, without waiting for the operation in progress to complete.

For more information about the command, run the following command:

 gcloud artifacts repositories delete --help

What's next

  • Configure access to your repositories