An Artifact Registry cleanup policy defines criteria for automatically deleting artifact versions that you no longer need or keeping artifacts that you want to store indefinitely.
Cleanup policies are useful if you store many versions of your artifacts, but only need to keep specific versions that you release to production. You can define delete policies with criteria for deleting artifacts and keep policies with criteria for retaining artifacts.
If an artifact version matches criteria in both a delete policy and a keep policy, Artifact Registry applies the keep policy.
Deletions triggered by delete policies count against your Artifact Registry per project delete request quota and are limited to 300,000 deletions per repository, per day.
Policy application schedule
Artifact Registry deletes and retains artifacts that match your cleanup policies using a background job that runs periodically. Changes take effect within approximately one day.
Maximum number of cleanup policies per repository
You can apply the maximum of 10 cleanup policies to a repository.
Supported formats
You can set a cleanup policy on standard and remote repositories for all repository formats.
Required roles
To get the permissions that you need to apply or remove cleanup policies,
ask your administrator to grant you the
Artifact Registry Administrator (roles/artifactregistry.admin
) IAM role on the repository project.
For more information about granting roles, see Manage access to projects, folders, and organizations.
This predefined role contains the permissions required to apply or remove cleanup policies. To see the exact permissions that are required, expand the Required permissions section:
Required permissions
The following permissions are required to apply or remove cleanup policies:
-
artifactregistry.repositories.update
-
To delete artifacts that meet the criteria in a cleanup policy:
artifactregistry.versions.delete
You might also be able to get these permissions with custom roles or other predefined roles.
The default role for the Artifact Registry Service Agent
includes the permission artifactregistry.versions.delete
, which is
required to delete images that meet the criteria in a cleanup policy.
Create a policy file
A policy file is a JSON file that defines your delete and keep policies. You can create a policy file by creating and editing a JSON file, then using the Google Cloud CLI to apply the policy, or by using the Google Cloud console. Delete policies specify conditions for deleting artifacts. Keep policies specify conditions to retain an artifact, or a number of recent versions to keep. You can't use conditions and most recent versions in the same keep policy.
Create a delete policy
A delete policy lets you specify the minimum or maximum age for artifact deletion and additional filtering criteria to limit the policy to specific artifacts.
If you have certain artifacts that you don't want deleted for any reason, create a conditional keep policy, or a most recent versions keep policy as well as a delete policy. If an artifact matches the criteria in both the delete policy and the keep policy, the artifact is kept.
console
You can create a delete policy for a new or existing repository.
To add a delete policy to an existing repository:
Open the Repositories page in the Google Cloud console.
In the repositories list, select the repository and click Edit Repository.
In the Cleanup policies section, select Dry run to test your new policy before committing to deleting any artifacts. For more information on seeing the results of the test, see dry run.
Once you are certain your policy is working as intended, edit your repository settings again, and select Delete artifacts to apply your cleanup policy and delete the selected artifacts.
Click Add a cleanup policy and add the following:
- Name: Give the cleanup policy a name. The name must be unique within the group of policies that you apply to a repository.
- Policy type: Select Conditional delete.
Tag state: indicates if the policy should check for tagged artifacts or untagged artifacts. Artifacts are tagged when pushing or pulling an image to or from a repository. For more on Docker tags, see Container concepts.
- Any tag state: ignores tag state and applies to both tagged and untagged artifacts.
- Tagged: only applies to tagged artifacts.
- Untagged: only applies to untagged artifacts.
Formats that don't support tags are treated as
untagged
. If a repository has immutable tags enabled, tagged artifacts can't be deleted.For more information on tag state as it applies to cleanup policies, see the TagState reference.
The following are optional ways to define your delete policy:
- Tag prefixes: is a comma-separated list of
tag prefixes. For example, the prefixes
test
, andstaging
would match images with tagstestenv
andstaging-1.5
.tagState
must be set toTAGGED
to use tag prefixes. - Version prefixes: - is a comma-separated list of artifact version
prefixes. For example
v1
,v2
would match versionsv1.5
,v2.0alpha
, andv10.2
. - Package prefixes: is a list of artifact name prefixes. You can enter
multiple prefixes by pressing
Enter
or,
between the prefixes. For examplered, blue
would create two prefixes,red
andblue
and would match artifact namesred-team
,redis
, andbluebird
. - Older than: is the minimum time since the version of an artifact was
created in the repository, specified as a duration.
For example,
30d
is 30 days. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively. - Newer than: is the maximum time since the version of an
artifact was created in the repository, specified as a duration.
For example,
30d
is 30 days.
- Tag prefixes: is a comma-separated list of
tag prefixes. For example, the prefixes
You can add more cleanup policies by clicking Add a cleanup policy.
Click Update.
Your cleanup policy is applied to your repository. You can view your cleanup policies in the Repository details section by clicking Show more.
JSON
{
"name": "DELETE_POLICY_NAME",
"action": {"type": "Delete"},
"condition": {
"tagState": "TAG_STATUS",
"tagPrefixes": ["TAG_PREFIXES"],
"versionNamePrefixes": ["VERSION_PREFIXES"],
"packageNamePrefixes": ["PACKAGE_PREFIXES"],
"olderThan": "OLDER_THAN_DURATION",
"newerThan": "NEWER_THAN_DURATION"
}
}
A delete policy must include a name, an action, and at least one condition.
name
- In the delete policy snippet, DELETE_POLICY_NAME is the name of the policy. The name must be unique within the group of policies that you apply to a repository.
action
- For a delete policy the value is
{"type": "Delete"}
. condition
- Specify one or more of the following conditions:
tagState
: TAG_STATUS indicates if the policy should check for tagged artifacts or untagged artifacts. Artifacts are tagged when pushing or pulling an image to or from a repository. Supported values are:tagged
: only applies to tagged artifacts.untagged
: only applies to untagged artifacts.any
: ignores tag state and applies to both tagged and untagged artifacts.
Formats that don't support tags are treated as
untagged
. If a repository has immutable tags enabled, tagged artifacts can't be deleted.For more on Docker tags, see Container concepts.
tagPrefixes
: TAG_PREFIXES is a comma-separated list of tag prefixes. For example"test", "staging"
would match images with tags"testenv"
and"staging-1.5"
.tagState
must be set toTAGGED
to use tag prefixes.versionNamePrefixes
: VERSION_PREFIXES is a comma-separated list of artifact version prefixes. For example"v1", "v2"
would match versions"v1.5"
,"v2.0alpha"
, and"v10.2"
.packageNamePrefixes
: PACKAGE_PREFIXES is a comma-separated list of artifact name prefixes. For example"red", "blue"
would match artifact names"red-team"
,"redis"
, and"bluebird"
.olderThan
: OLDER_THAN_DURATION is the minimum time since the version of an artifact was created in the repository, specified as a duration. For example,30d
is 30 days. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.newerThan
: NEWER_THAN_DURATION is the maximum time since the version of an artifact was created in the repository, specified as a duration. For example,30d
is 30 days.
Create a conditional keep policy
A conditional keep policy specifies criteria for retaining artifacts. Keep policies work with delete policies to keep artifacts that would be deleted according to the specifications of your delete policy, but that you want to keep. When an artifact matches the criteria for both a delete policy and a keep policy, the artifact is kept.
console
You can create a keep policy for a new or existing repository.
To add a keep policy to an existing repository:
Open the Repositories page in the Google Cloud console.
In the repositories list, select the repository and click Edit Repository.
In the Cleanup policies section, select Dry run to test your new policy before committing to deleting any artifacts. You need to set at least one delete policy to view the results of your keep policy. For more information on seeing the results of the test, see dry run.
Once you are certain your policies are working as intended, edit your repository settings again, and select Delete artifacts to apply your cleanup policies and delete the selected artifacts.
Click Add a cleanup policy and add the following:
- Name: Give the cleanup policy a name. The name must be unique within the group of policies that you apply to a repository.
- Policy type: Select Conditional keep.
Tag state: indicates if the policy should check for tagged artifacts or untagged artifacts. Artifacts are tagged when pushing or pulling an image to or from a repository. For more on Docker tags, see Container concepts.
- Any tag state: ignores tag state and applies to both tagged and untagged artifacts.
- Tagged: only applies to tagged artifacts.
- Untagged: only applies to untagged artifacts.
Formats that don't support tags are treated as
untagged
. If a repository has immutable tags enabled, tagged artifacts can't be deleted. For more information on tag state as it applies to cleanup policies, see the TagState reference.
The following are optional ways to define your keep policy:
- Tag prefixes: is a comma-separated list of
tag prefixes. For example, the prefixes
test
, andstaging
would match images with tagstestenv
andstaging-1.5
.tagState
must be set toTAGGED
to use tag prefixes. - Version prefixes: - is a comma-separated list of artifact version
prefixes. For example
v1
,v2
would match versionsv1.5
,v2.0alpha
, andv10.2
. - Package prefixes: is a comma-separated list of artifact name prefixes.
For example
red, blue
would match artifact namesred-team
,redis
, andbluebird
.
- Older than: is the minimum time since the version of an artifact was
created in the repository, specified as a duration.
For example,
30d
is 30 days. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively. - Newer than: is the maximum time since the version of an
artifact was created in the repository, specified as a duration.
For example,
30d
is 30 days.
- Tag prefixes: is a comma-separated list of
tag prefixes. For example, the prefixes
You can add more cleanup policies by clicking Add a cleanup policy.
Click Update.
Your cleanup policy is applied to your repository.
JSON
The format is similar to a delete policy. For a keep policy, the
value for action
is {"type": "Keep"}
.
{
"name": "KEEP_POLICY_NAME",
"action": {"type": "Keep"},
"condition": {
"tagState": "TAG_STATUS",
"tagPrefixes": ["TAG_PREFIXES"],
"versionNamePrefixes": ["VERSION_PREFIXES"],
"packageNamePrefixes": ["PACKAGE_PREFIXES"],
"olderThan": "OLDER_THAN_DURATION",
"newerThan": "NEWER_THAN_DURATION"
}
}
Replace the following:
KEEP_POLICY_NAME
with the cleanup policy a name. The name must be unique within the group of policies that you apply to a repository.TAG_STATUS
with the tag state, which indicates if the policy should check for tagged artifacts or untagged artifacts. Artifacts are tagged when pushing or pulling an image to or from a repository. For more on Docker tags, see Container concepts.The options are:
tagged
: only applies to tagged artifacts.untagged
: only applies to untagged artifacts.any
: applies to all versions
Formats that don't support tags are treated as
untagged
. If a repository has immutable tags enabled, tagged artifacts can't be deleted. For more information on tag state as it applies to cleanup policies, see the TagState reference.TAG_PREFIXES
with a comma-separated list of tag prefixes. For example, the prefixestest
, andstaging
would match images with tagstestenv
andstaging-1.5
.tagState
must be set toTAGGED
to use tag prefixes.VERSION_PREFIXES
with a comma-separated list of artifact version prefixes. For examplev1, v2
would match versionsv1.5
,v2.0alpha
, andv10.2
.PACKAGE_PREFIXES
with a comma-separated list of artifact name prefixes. For examplered, blue
would match artifact namesred-team
,redis
, andbluebird
.
OLDER_THAN_DURATION
with the minimum time since the version of an artifact was created in the repository, specified as a duration. For example,30d
is 30 days. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.NEWER_THAN_DURATION
with the maximum time since the version of an artifact was created in the repository, specified as a duration. For example,30d
is 30 days.
Create a keep policy for most recent versions
You can create a keep policy to keep a specific number of versions. You cannot use Conditional keep and Keep most recent versions criteria in the same keep policy.
Keep policies work with delete policies to keep artifacts that would be deleted according to the specifications of your delete policy, but that you want to keep. When an artifact matches the criteria for both a delete policy and a keep policy, the artifact is kept.
console
You can create a keep most recent versions policy for a new or existing repository.
To add a keep most recent versions policy to an existing repository:
Open the Repositories page in the Google Cloud console.
In the repositories list, select the repository and click Edit Repository.
In the Cleanup policies section, select Dry run to test your new policy before committing to deleting any artifacts. You need to set at least one delete policy to view the results of your keep policy. For more information on seeing the results of the test, see dry run.
Once you are certain your policies are working as intended, edit your repository settings again, and select Delete artifacts to apply your cleanup policies and delete the selected artifacts.
Click Add a cleanup policy and add the following:
- Name: Give the cleanup policy a name. The name must be unique within the group of policies that you apply to a repository.
- Policy type: Select Keep most recent versions.
In the Keep count field, enter the number of versions of an artifact to keep in your repository.
Optional: select Package prefixes to specify package prefixes to apply the keep policy to. For example
red, blue
would match artifact namesred-team
,redis
, andbluebird
.You can add more cleanup policies by clicking Add a cleanup policy.
Click Update.
Your cleanup policy is applied to your repository. You can view your cleanup policies in the Repository details section by clicking Show more.
JSON
The format is similar to a delete policy. For a keep policy, the
value for action
is {"type": "Keep"}
.
A keep policy for retaining a specific number of versions has a
mostRecentVersions
section instead of a condition
section.
{
"name": "KEEP_POLICY_NAME",
"action": {"type": "Keep"},
"mostRecentVersions": {
"packageNamePrefixes": ["PACKAGE_PREFIXES"],
"keepCount": MINIMUM_NUMBER
}
}
Replace the following:
KEEP_POLICY_NAME
with a name for your keep policy. The name must be unique within the group of policies that you apply to a repository.PACKAGE_PREFIXES
with the optional package prefixes to apply the keep policy to. For examplered, blue
would match artifact namesred-team
,redis
, andbluebird
.
MINIMUM_NUMBER
with the number of versions of an artifact to keep in your repository.
To apply the keep policy to all packages in your repository, omit the
packageNamePrefixes
condition. The specified number of recent versions of
each package in your repository are kept.
Example policy file
The following policy file example has one delete policy and two keep policies.
- The
delete-prerelease
policy removes artifact versions 30 days after upload if the artifact starts with the stringalpha
orv0
. - The
keep-tagged-release
policy retains artifacts tagged with the prefixrelease
that have a filename starting withwebapp
ormobile
. - The
keep-minimum-versions
policy retains the five most recent versions of artifacts that have a filename starting withwebapp
,mobile
, orsandbox
.
[
{
"name": "delete-prerelease",
"action": {"type": "Delete"},
"condition": {
"tagState": "tagged",
"tagPrefixes": ["alpha", "v0"],
"olderThan": "30d"
}
},
{
"name": "keep-tagged-release",
"action": {"type": "Keep"},
"condition": {
"tagState": "tagged",
"tagPrefixes": ["release"],
"packageNamePrefixes": ["webapp", "mobile"]
}
},
{
"name": "keep-minimum-versions",
"action": {"type": "Keep"},
"mostRecentVersions": {
"packageNamePrefixes": ["webapp", "mobile", "sandbox"],
"keepCount": 5
}
}
]
Test your policies with a dry run
To test your cleanup policies, you can set your cleanup policy to dry run in
the console, or run the
gcloud artifacts set-cleanup-policies
command with the --dry-run
flag.
To analyze the effect of your cleanup policies you can view the Artifact Registry Data access audit logs. To receive Data Access audit logs for cleanup policies, you must explicitly enable the data write type of data access audit logs for the Artifact Registry service. To enable data access audit logs, see Enable audit logs.
console
Open the Repositories page in the Google Cloud console.
In the repositories list, select the repository and click Edit Repository.
In the Cleanup policies section, select Dry run.
Click Add a cleanup policy and configure the options for your Conditional delete, Conditional keep, or Keep most recent versions policies.
Click Update.
When a delete policy results in a BatchDeleteVersions
action, the parameter
validateOnly
evaluates to "true"
.
To query audit logs for dry runs of your cleanup policies, run the following command:
gcloud logging read 'protoPayload.serviceName="artifactregistry.googleapis.com" AND protoPayload.request.parent:"projects/PROJECT_ID/locations/LOCATION/repositories/REPOSITORY" AND protoPayload.request.validateOnly=true' \
--resource-names="projects/PROJECT_ID" \
--project=PROJECT_ID
The output resembles the following:
insertId: qwe123ty3
logName: projects/my-project/logs/cloudaudit.googleapis.com%2Fdata_access
operation:
first: true
id: projects/my-project/locations/us-west1/operations/12345abc-fb9b-4b6f-b02c-9a397ee807d4
producer: artifactregistry.googleapis.com
protoPayload:
'@type': type.googleapis.com/google.cloud.audit.AuditLog
authenticationInfo:
principalEmail: service-774919394028@gcp-sa-staging-artreg.iam.gserviceaccount.com
authorizationInfo:
- granted: true
permission: artifactregistry.versions.delete
resource: projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/-
resourceAttributes: {}
methodName: google.devtools.artifactregistry.v1.ArtifactRegistry.BatchDeleteVersions
request:
'@type': type.googleapis.com/google.devtools.artifactregistry.v1.BatchDeleteVersionsRequest
names:
- projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/docker-load-thursday/versions/sha256:4bb3756e4e75dfbc3ced87521ed62b26d16fb4e17993ae6877165f2b6551fb55
- projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/docker-load-thursday/versions/sha256:e8185538b50df953529b300be4963b2c21158808becac7aa0d610f61de8ba701
- projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/docker-load-thursday/versions/sha256:7f7fb0a9453da49f831fe92eb8b1751be13acefe1bbd44cc3f0d63d41c422246
- projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/docker-load-thursday/versions/sha256:84ac871a34560b39dd7bde57b4d333f18a7e8c1b61c8d350c1fefeb1fcd2b3ac
parent: projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/-
validateOnly: true
requestMetadata:
callerIp: private
callerSuppliedUserAgent: stubby_client
destinationAttributes: {}
requestAttributes:
auth: {}
time: '2023-05-26T04:31:21.909465579Z'
resourceName: projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/-
serviceName: artifactregistry.googleapis.com
receiveTimestamp: '2023-05-26T04:31:22.641338594Z'
resource:
labels:
method: google.devtools.artifactregistry.v1.ArtifactRegistry.BatchDeleteVersions
project_id: my-project
service: artifactregistry.googleapis.com
type: audited_resource
severity: INFO
timestamp: '2023-05-26T04:31:21.909004200Z'
gcloud
To do a dry run with your cleanup policies, run the following command:
gcloud artifacts repositories set-cleanup-policies REPOSITORY \
--project=PROJECT_ID \
--location=LOCATION \
--policy=POLICY_FILE \
--dry-run
Replace the following:
REPOSITORY
with the name of the repository.PROJECT_ID
with the ID of your Google Cloud project.-
LOCATION
is the regional or multi-regional location of the repository.
When a delete policy results in a BatchDeleteVersions
action, the parameter
validateOnly
evaluates to "true"
.
To query audit logs for dry runs of your cleanup policies, run the following command:
gcloud logging read 'protoPayload.serviceName="artifactregistry.googleapis.com" AND protoPayload.request.parent:"projects/PROJECT_ID/locations/LOCATION/repositories/REPOSITORY" AND protoPayload.request.validateOnly=true' \
--resource-names="projects/PROJECT_ID" \
--project=PROJECT_ID
The output resembles the following:
insertId: qwe123ty3
logName: projects/my-project/logs/cloudaudit.googleapis.com%2Fdata_access
operation:
first: true
id: projects/my-project/locations/us-west1/operations/12345abc-fb9b-4b6f-b02c-9a397ee807d4
producer: artifactregistry.googleapis.com
protoPayload:
'@type': type.googleapis.com/google.cloud.audit.AuditLog
authenticationInfo:
principalEmail: service-774919394028@gcp-sa-staging-artreg.iam.gserviceaccount.com
authorizationInfo:
- granted: true
permission: artifactregistry.versions.delete
resource: projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/-
resourceAttributes: {}
methodName: google.devtools.artifactregistry.v1.ArtifactRegistry.BatchDeleteVersions
request:
'@type': type.googleapis.com/google.devtools.artifactregistry.v1.BatchDeleteVersionsRequest
names:
- projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/docker-load-thursday/versions/sha256:4bb3756e4e75dfbc3ced87521ed62b26d16fb4e17993ae6877165f2b6551fb55
- projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/docker-load-thursday/versions/sha256:e8185538b50df953529b300be4963b2c21158808becac7aa0d610f61de8ba701
- projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/docker-load-thursday/versions/sha256:7f7fb0a9453da49f831fe92eb8b1751be13acefe1bbd44cc3f0d63d41c422246
- projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/docker-load-thursday/versions/sha256:84ac871a34560b39dd7bde57b4d333f18a7e8c1b61c8d350c1fefeb1fcd2b3ac
parent: projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/-
validateOnly: true
requestMetadata:
callerIp: private
callerSuppliedUserAgent: stubby_client
destinationAttributes: {}
requestAttributes:
auth: {}
time: '2023-05-26T04:31:21.909465579Z'
resourceName: projects/my-project/locations/us-west1/repositories/docker-test-dryrun/packages/-
serviceName: artifactregistry.googleapis.com
receiveTimestamp: '2023-05-26T04:31:22.641338594Z'
resource:
labels:
method: google.devtools.artifactregistry.v1.ArtifactRegistry.BatchDeleteVersions
project_id: my-project
service: artifactregistry.googleapis.com
type: audited_resource
severity: INFO
timestamp: '2023-05-26T04:31:21.909004200Z'
Apply policies to a repository
To use your cleanup policies defined in a local JSON file, apply them to repositories where you want Artifact Registry to handle automatic deletion of artifact versions by using the gcloud CLI.
To apply cleanup policies set to Dry run in the console, set the policy to Delete artifacts.
You can only apply cleanup policies to standard repositories. You cannot apply cleanup policies to:
- A Google Cloud project.
console
To apply cleanup policies:
Open the Repositories page in the Google Cloud console.
In the repositories list, select the repository and click Edit Repository.
In the Cleanup policies section, select Delete artifacts.
Artifact Registry deletes and retains artifacts that match your policies using a background job that runs periodically. Changes should take effect within approximately one day.
gcloud
To apply cleanup policies, run the following command in the directory with your cleanup policy file.
gcloud artifacts repositories set-cleanup-policies REPOSITORY \
--project=PROJECT_ID \
--location=LOCATION \
--policy=POLICY_FILE \
--no-dry-run
Replace the following:
REPOSITORY
with the name of the repository.PROJECT_ID
with the ID of your Google Cloud project.-
LOCATION
is the regional or multi-regional location of the repository. POLICY_FILE
is the name of the file with the cleanup policy.
The --no-dry-run
flag disables dry run functionality for
the repository.
For example, the following command applies policies in policy.json
to the
repository my-repo
in the region us-west1
in the project my-project
.
gcloud artifacts repositories set-cleanup-policies my-repo \
--project=my-project \
--location=us-west1 \
--policy=policy.json
Artifact Registry deletes and retains artifacts that match your policies using a background job that runs periodically. Changes should take effect within approximately one day.
Update a policy
console
Open the Repositories page in the Google Cloud console.
In the repositories list, select the repository and click Edit Repository.
In the Cleanup policies section, click the name of the policy you want to set to modify.
Edit the cleanup policy and click Update.
Your cleanup policy is applied to your repository.
gcloud
To update existing policies, edit the settings in your policy file and then run the following command to apply the policies again.
gcloud artifacts repositories set-cleanup-policies REPOSITORY \
--project=PROJECT_ID \
--location=LOCATION \
--policy=POLICY_FILE \
--no-dry-run
Replace the following:
REPOSITORY
with the name of the repository.PROJECT_ID
with the ID of your Google Cloud project.-
LOCATION
is the regional or multi-regional location of the repository. POLICY_FILE
is the name of the file with the cleanup policy.
The --no-dry-run
flag disables dry run functionality for
the repository.
List repository cleanup policies
You can view the cleanup policies associated with a repository.
console
Open the Repositories page in the Google Cloud console.
In the repositories list, select the repository you want to view.
In the Repository details section, click Show more.
The cleanup policies names are displayed.
To view or edit the details of the repository's cleanup policies, click Edit Repository.
Your existing cleanup policies details are listed in the Cleanup policies section.
gcloud
Run the following command:
gcloud artifacts repositories list-cleanup-policies REPOSITORY \
--project=PROJECT_ID \
--location=LOCATION
Replace the following:
REPOSITORY
with the name of the repository.PROJECT_ID
with the ID of your Google Cloud project.-
LOCATION
is the regional or multi-regional location of the repository.
Remove a policy from a repository
Remove a cleanup policy from a repository when you no longer want Artifact Registry to automatically delete artifact versions.
console
Open the Repositories page in the Google Cloud console.
In the repositories list, select the repository and click Edit Repository.
In the Cleanup policies section, hover over the name of the policy you want to delete.
Click the Delete icon.
Click Update.
The cleanup policy is deleted.
gcloud
Run the following command:
gcloud artifacts repositories delete-cleanup-policies REPOSITORY \
--policynames=POLICY_NAMES \
--project=PROJECT_ID \
--location=LOCATION
Replace the following:
REPOSITORY
is the name of the repository.PROJECT_ID
is the ID of your Google Cloud project.-
LOCATION
is the regional or multi-regional location of the repository. POLICY_NAMES
is a comma-separated list of policy names for the policies you want to remove.
For example, the following command removes a policy named delete-test
from the
repository my-repo
in the region us-west1
in the project my-project
:
gcloud artifacts repositories delete-cleanup-policies my-repo \
--policynames=delete-test \
--project=my-project \
--location=us-west1
Audit log entries for cleanup policies
To view cleanup policy log entries in Cloud Logging, you must
enable DATA_WRITE
logging.
When you set a cleanup policy on a repository, the operation is logged as an
update to the repository (UpdateRepository
operation).
When Artifact Registry deletes a version of an artifact, it logs the event
in the Cloud Logging Data Access logs. The log entries show that the
Artifact Registry service account performed the deletion. The
Artifact Registry service account ID is in the format
service-PROJECT-NUMBER@gcp-sa-artifactregistry.iam.gserviceaccount.com
Other tools
For container images, you can also use the following tools for image lifecycle management:
- gcrane: A tool for container registries that you can use to copy images between repositories.
- gcr-cleaner: A tool to delete container images based on specified criteria.
The gcrane
and gcr-cleaner
tools are not official Google products.