Artifact Registry implements a Docker protocol so that you can push and pull images directly with Docker clients, including the Docker command-line tool.
Google Cloud services that typically integrate with Artifact Registry, such as Cloud Build and Google Kubernetes Engine, are configured by with default permissions to access repositories in the same project and do not require a separate client.
If you want to interact with Artifact Registry without the Docker client, we recommend using the gcrane tool. The tool provides:
- Simple commands that work with Artifact Registry, Container Registry, and other registries.
- Useful commands for Artifact Registry and Container Registry tasks that do
not have an equivalent command in the
gcloudcommand-line tool or the Docker command-line tool, such as listing untagged images or copying images across registry hosts.
If gcrane isn't an appropriate option, you can use the Docker Registry HTTP API.
- See Authenticating using the Docker Registry API for information about authentication using the API.
- Refer to Docker Registry HTTP API V2 documentation for details about the APi request format.
Authenticating using the Docker Registry HTTP API
If using Docker or the
gcrane tool is not an option, you can use the Docker
Registry HTTP API.
To authenticate with Artifact Registry and obtain a token for requests:
Grant the required permissions to the service account that will interact with the registry.
Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path for your service account private key file.
Obtain an access token and include it in your request. The simplest approach is using the
gcloudtool. Alternatively, you can use the oauth2l tool.
The following example shows the command for listing tags, using
my-imageas the image and
my-projectas the Google Cloud project. This example also uses the jq command to filter and format the output returned by requests, but it's optional. The
jqtool is included in Cloud Shell.
curl \ -H "Authorization: Bearer $(gcloud auth print-access-token)" \ "https://us-docker.pkg.dev/v2/my-project/my-repo/my-image/tags/list" | jq ".tags"
curl \ -H "Authorization: Bearer $(oauth2l fetch --credentials key.json --scope cloud-platform)" \ "https://us-docker.pkg.dev/v2/my-project/my-repo/my-image/tags/list" | jq ".tags"