This page describes how to create Artifact Registry standard repositories.
Standard repositories are repositories for your private artifacts. You upload artifacts to and download artifacts directly from these repositories.
The following repository modes are also available for some artifact formats:
- Remote repositories store artifacts from external sources such as Docker Hub, Maven Central, or PyPI.
- Virtual repositories act as a single access point to download, install, or deploy artifacts that are in upstream standard or remote repositories.
Each repository can contain artifacts for a single supported format.
Before you begin
- Enable Artifact Registry, including enabling the Artifact Registry API and installing Google Cloud CLI.
- (Optional) Configure defaults for gcloud commands.
- If you require customer-managed-encryption keys (CMEK) to encrypt repository content, create and enable a key in Cloud KMS for the repository.
Required roles
To get the permissions that you need to create repositories,
ask your administrator to grant you the
Artifact Registry Administrator (roles/artifactregistry.admin
) IAM role on the Google Cloud project.
For more information about granting roles, see Manage access to projects, folders, and organizations.
You might also be able to get the required permissions through custom roles or other predefined roles.
Create a standard repository
When you create a repository, you must configure the following settings that cannot be changed after the repository is created:
- Artifact format.
- Repository mode, if multiple modes are available for the selected format.
- Repository location.
- Encryption with Google-owned and Google-managed keys or customer-managed encryption keys. Artifact Registry uses Google-owned and Google-managed encryption keys by default.
Artifact Registry enforces organization policy constraints that require CMEK to encrypt resources or limit which Cloud KMS keys can be used for CMEK protection.
Create a repository using the Google Cloud console
Open the Repositories page in the Google Cloud console.
Click Create Repository.
Specify the repository name. For each repository location in a project, repository names must be unique.
Select the repository format.
If multiple repository modes are available, select Standard.
Maven only: Configure the version policy.
Choose a version policy:
- None - No version policy. Store both release and snapshot packages.
- Release - Store only release packages.
- Snapshot - Store only snapshot packages.
If you want a snapshot repository to accept non-unique snapshots that overwrite existing versions in the repository, select Allow snapshot overwrites.
Under Location Type, choose the location for the repository:
Choose the location type: Region or Multi-Region. The list of locations changes to reflect your selection.
In the Region or Multi-region list, select a location.
For information about location types and supported locations, see Repository locations
Add a description for the repository. Descriptions help to identify the purpose of the repository and the kind of artifacts it contains.
Don't include sensitive data, since repository descriptions are not encrypted.
If you want to use labels to organize your repositories, click Add Label and enter the key-value pair for the label. You can add, edit, or remove labels after you create the repository.
In the Encryption section, choose the encryption mechanism for the repository.
- Google-managed key - Encrypt repository content with a Google-owned and Google-managed key.
Customer-managed key - Encrypt repository content with a key that you control through Cloud Key Management Service. For key setup instructions, see Setting up CMEK for repositories.
For Docker repositories, the Immutable image tags setting configures your repository to use image tags that always point to the same image digest. A user with the Artifact Registry administrator role can change this setting after the repository is created.
- By default this setting is disabled. Image tags are mutable, meaning that the image digest that the tag points to can change.
- If this setting is enabled, image tags are immutable. A tag must always point to the same image digest. To learn more about mutable and immutable image tags, see Container image versions.
If you want to use cleanup policies to delete unused artifacts, in the Cleanup policies section:
- Select Dry run to test your policy before applying it.
- Click Add policy to add a keep or delete policy to your repository.
- Give your cleanup policy a descriptive name in the Name field.
In the Policy type section, select one of:
- Conditional delete: deletes artifacts based on conditions you define.
- Conditional keep: keeps artifacts based on conditions you define.
Keep most recent versions: Keeps a set number of most recent versions per package.
For more details on cleanup policies, see Configure cleanup policies.
In the Artifact Analysis section, choose vulnerability scanning settings:
Enabled - Allow scanning in this repository. The Container Scanning API must be enabled on your project.
When you enable the Container Scanning API, billing begins immediately. After you enable the Container Scanning API on a project, vulnerability scanning is enabled for all new and existing repositories. When you push an image to Artifact Registry it's automatically scanned by Artifact Analysis.
Disabled - Prevent scanning in this repository. If the Container Scanning API is enabled on your project, scanning continues on other repositories; this repository will be excluded.
For more information on vulnerability scanning options, see Enable and disable automatic scanning.
Click Create.
Artifact Registry creates the repository and adds it to the list of repositories.
After you have created the repository:
- Grant access to the repository.
Configure Docker, package managers, and other third-party clients to authenticate to repositories.
Create a repository using the Google Cloud CLI
Run the command to create a new repository.
Apt
gcloud artifacts repositories create REPOSITORY \ --repository-format=apt \ --location=LOCATION \ --description="DESCRIPTION" \ --kms-key=KMS-KEY \ --async
Replace the following:
REPOSITORY
: the name of the repository. For each repository location in a project, repository names must be unique.LOCATION
: the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:gcloud artifacts locations list
DESCRIPTION
: a description of the repository. Do not include sensitive data, since repository descriptions are not encrypted.KMS-KEY
: the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
Replace the following:
KMS-PROJECT
: the project where your key is stored.KMS-LOCATION
: the location of the key.KEY-RING
: the name of the key ring.KEY
: the name of the key.
--async
returns immediately, without waiting for the operation in progress to complete.
Docker
gcloud artifacts repositories create REPOSITORY \
--repository-format=docker \
--location=LOCATION \
--description="DESCRIPTION" \
--kms-key=KMS-KEY \
--immutable-tags \
--async \
--disable-vulnerability-scanning
Replace the following:
REPOSITORY
: the name of the repository. For each repository location in a project, repository names must be unique.LOCATION
: the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:gcloud artifacts locations list
DESCRIPTION
: a description of the repository. Don't include sensitive data, since repository descriptions are not encrypted.KMS-KEY
: the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
Replace the following:
KMS-PROJECT
: the project where your key is stored.KMS-LOCATION
: the location of the key.KEY-RING
: the name of the key ring.KEY
: the name of the key.
--immutable-tags
is an optional flag that configures your repository to use tags that always point to the same image digest.By default, when the
--immutable-tags
flag isn't passed, a tag can be moved to another image digest. To learn more about immutable and mutable image tags, see Container image versions.--async
returns immediately, without waiting for the operation in progress to complete.--disable-vulnerability-scanning
: is an optional flag that configures your repository to disable automatic vulnerability scanning.--allow-vulnerability-scanning
: is an optional flag that configures your repository to permit automatic vulnerability scanning. For more information, see Enable or disable automatic scanning.
Generic
gcloud artifacts repositories create REPOSITORY \ --repository-format=generic \ --location=LOCATION \ --description="DESCRIPTION" \ --kms-key=KMS-KEY \ --async
Replace the following:
REPOSITORY
: the name of the repository. For each repository location in a project, repository names must be unique.LOCATION
: the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:gcloud artifacts locations list
DESCRIPTION
: a description of the repository. Do not include sensitive data, since repository descriptions are not encrypted.KMS-KEY
: the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
Replace the following:
KMS-PROJECT
: the project where your key is stored.KMS-LOCATION
: the location of the key.KEY-RING
: the name of the key ring.KEY
: the name of the key.
--async
returns immediately, without waiting for the operation in progress to complete.
Go
gcloud artifacts repositories create REPOSITORY \ --repository-format=go \ --location=LOCATION \ --description="DESCRIPTION" \ --kms-key=KMS-KEY \ --async
Replace the following:
REPOSITORY
: the name of the repository. For each repository location in a project, repository names must be unique.LOCATION
: the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:gcloud artifacts locations list
DESCRIPTION
: a description of the repository. Do not include sensitive data, since repository descriptions are not encrypted.KMS-KEY
: the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
Replace the following:
KMS-PROJECT
: the project where your key is stored.KMS-LOCATION
: the location of the key.KEY-RING
: the name of the key ring.KEY
: the name of the key.
--async
returns immediately, without waiting for the operation in progress to complete.
KubeFlow Pipelines
gcloud artifacts repositories create REPOSITORY \ --repository-format=kfp \ --location=LOCATION \ --description="DESCRIPTION" \ --kms-key=KMS-KEY \ --async
Replace the following:
REPOSITORY
: the name of the repository. For each repository location in a project, repository names must be unique.LOCATION
: the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:gcloud artifacts locations list
DESCRIPTION
: a description of the repository. Do not include sensitive data, since repository descriptions are not encrypted.KMS-KEY
: the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
Replace the following:
KMS-PROJECT
: the project where your key is stored.KMS-LOCATION
: the location of the key.KEY-RING
: the name of the key ring.KEY
: the name of the key.
--async
returns immediately, without waiting for the operation in progress to complete.
Maven
By default, Maven repositories store both snapshot and release versions of packages. You can specify a version policy to create a snapshot or release repository.
To create a repository that stores snapshots and releases, run the command:
gcloud artifacts repositories create REPOSITORY \ --repository-format=maven \ --location=LOCATION \ --description="DESCRIPTION" \ --kms-key=KMS-KEY \ --async
Replace the following:
REPOSITORY
: the name of the repository. For each repository location in a project, repository names must be unique.LOCATION
: the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:gcloud artifacts locations list
DESCRIPTION
: a description of the repository. Do not include sensitive data, since repository descriptions are not encrypted.KMS-KEY
: the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
Replace the following:
KMS-PROJECT
: the project where your key is stored.KMS-LOCATION
: the location of the key.KEY-RING
: the name of the key ring.KEY
: the name of the key.
--async
returns immediately, without waiting for the operation in progress to complete.To store snapshot and release versions in different repositories, specify the version policy in the command:
gcloud artifacts repositories create REPOSITORY \ --repository-format=maven \ [--location=LOCATION] \ [--description="DESCRIPTION"] \ [--kms-key=KMS-KEY] \ [--version-policy=VERSION-POLICY] \ [--allow-snapshot-overwrites] \ [--async] \
The following flags are specific to Maven repositories:
--version-policy=VERSION-POLICY
- Specifies the types of packages to store in the repository. You can set VERSION-POLICY to:
None
- No version policy. Store both release and snapshot packages. If you do not include the--version-policy
flag in your command, this is the default setting.Release
- Store only release packages.Snapshot
- Store only snapshot packages.
--allow-snapshot-overwrites
- For snapshot repositories only. If you specify this flag, you can publish non-unique snapshots that overwrite existing versions in the repository.
npm
gcloud artifacts repositories create REPOSITORY \ --repository-format=npm \ --location=LOCATION \ --description="DESCRIPTION" \ --kms-key=KMS-KEY \ --async
Replace the following:
REPOSITORY
: the name of the repository. For each repository location in a project, repository names must be unique.LOCATION
: the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:gcloud artifacts locations list
DESCRIPTION
: a description of the repository. Do not include sensitive data, since repository descriptions are not encrypted.KMS-KEY
: the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
Replace the following:
KMS-PROJECT
: the project where your key is stored.KMS-LOCATION
: the location of the key.KEY-RING
: the name of the key ring.KEY
: the name of the key.
--async
returns immediately, without waiting for the operation in progress to complete.
Python
gcloud artifacts repositories create REPOSITORY \ --repository-format=python \ --location=LOCATION \ --description="DESCRIPTION" \ --kms-key=KMS-KEY \ --async
Replace the following:
REPOSITORY
: the name of the repository. For each repository location in a project, repository names must be unique.LOCATION
: the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:gcloud artifacts locations list
DESCRIPTION
: a description of the repository. Do not include sensitive data, since repository descriptions are not encrypted.KMS-KEY
: the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
Replace the following:
KMS-PROJECT
: the project where your key is stored.KMS-LOCATION
: the location of the key.KEY-RING
: the name of the key ring.KEY
: the name of the key.
--async
returns immediately, without waiting for the operation in progress to complete.
Yum
gcloud artifacts repositories create REPOSITORY \ --repository-format=yum \ --location=LOCATION \ --description="DESCRIPTION" \ --kms-key=KMS-KEY \ --async
Replace the following:
REPOSITORY
: the name of the repository. For each repository location in a project, repository names must be unique.LOCATION
: the regional or multi-regional location for the repository. You can omit this flag if you set a default. To view a list of supported locations, run the command:gcloud artifacts locations list
DESCRIPTION
: a description of the repository. Do not include sensitive data, since repository descriptions are not encrypted.KMS-KEY
: the full path to the Cloud KMS encryption key, if you are using a customer-managed encryption key to encrypt repository contents. The path is in the format:projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEY-RING/cryptoKeys/KEY
Replace the following:
KMS-PROJECT
: the project where your key is stored.KMS-LOCATION
: the location of the key.KEY-RING
: the name of the key ring.KEY
: the name of the key.
--async
returns immediately, without waiting for the operation in progress to complete.
Artifact Registry creates your repository. Run the following command to view a description of the repository:
gcloud artifacts repositories describe REPOSITORY \
--location=LOCATION
After you have created the repository:
- Grant access to the repository.
- Configure cleanup policies to delete unused artifacts.
Configure Docker, package managers, and other third-party clients to authenticate to repositories.
Create a repository using Terraform
Use the google_artifact_registry_repository resource
to create repositories.
terraform-provider-google
version
5.0.0
or newer is required.
If you are new to using Terraform for Google Cloud, see the Get Started - Google Cloud page on the HashiCorp website.
The following example defines the provider and a repository with the
Terraform resource name my-repo
.
Apt
provider "google" { project = "PROJECT-ID" }
resource "google_artifact_registry_repository" "my-repo" { location = "LOCATION" repository_id = "REPOSITORY" description = "DESCRIPTION" format = "apt" kms_key_name = "KEY" cleanup_policy_dry_run = DRY_RUN_STATUS cleanup_policies { id = "POLICY_NAME" action = "DELETE" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] older_than = "TIME_SINCE_UPLOAD" } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" most_recent_versions { package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] keep_count = KEEP_COUNT } } }
Replace the following:
PROJECT-ID
is the Google Cloud project ID.LOCATION
is the repository location.REPOSITORY
is the repository name.DESCRIPTION
is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.KEY
is the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-managed encryption keys.DRY_RUN_STATUS
determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.true
: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.false
: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME
is the name of the cleanup policy.TAG_STATE
is the tag state to apply the policy to. Values aretagged
,untagged
, andany
.any
applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.TAG_PREFIX
,TAG_PREFIX_N
are tag prefixes to apply the policy to.PKG_PREFIX
,PKG_PREFIX_N
are package prefixes to apply the policy to.TIME_SINCE_UPLOAD
is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.KEEP_COUNT
is the number of versions of an artifact to keep in your repository.
Docker
provider "google" { project = "PROJECT-ID" }
resource "google_artifact_registry_repository" "my-repo" { location = "LOCATION" repository_id = "REPOSITORY" description = "DESCRIPTION" format = "docker" kms_key_name = "KEY" cleanup_policy_dry_run = DRY_RUN_STATUS cleanup_policies { id = "POLICY_NAME" action = "DELETE" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] older_than = "TIME_SINCE_UPLOAD" } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" most_recent_versions { package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] keep_count = KEEP_COUNT } } }
Replace the following:
PROJECT-ID
is the Google Cloud project ID.LOCATION
is the repository location.REPOSITORY
is the repository name.DESCRIPTION
is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.KEY
is the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-managed encryption keys.DRY_RUN_STATUS
determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.true
: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.false
: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME
is the name of the cleanup policy.TAG_STATE
is the tag state to apply the policy to. Values aretagged
,untagged
, andany
.any
applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.TAG_PREFIX
,TAG_PREFIX_N
are tag prefixes to apply the policy to.PKG_PREFIX
,PKG_PREFIX_N
are package prefixes to apply the policy to.TIME_SINCE_UPLOAD
is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.KEEP_COUNT
is the number of versions of an artifact to keep in your repository.
Generic
provider "google" { project = "PROJECT-ID" }
resource "google_artifact_registry_repository" "my-repo" { location = "LOCATION" repository_id = "REPOSITORY" description = "DESCRIPTION" format = "generic" kms_key_name = "KEY" cleanup_policy_dry_run = DRY_RUN_STATUS cleanup_policies { id = "POLICY_NAME" action = "DELETE" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] older_than = "TIME_SINCE_UPLOAD" } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" most_recent_versions { package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] keep_count = KEEP_COUNT } } }
Replace the following:
PROJECT-ID
is the Google Cloud project ID.LOCATION
is the repository location.REPOSITORY
is the repository name.DESCRIPTION
is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.KEY
is the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-managed encryption keys.DRY_RUN_STATUS
determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.true
: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.false
: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME
is the name of the cleanup policy.TAG_STATE
is the tag state to apply the policy to. Values aretagged
,untagged
, andany
.any
applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.TAG_PREFIX
,TAG_PREFIX_N
are tag prefixes to apply the policy to.PKG_PREFIX
,PKG_PREFIX_N
are package prefixes to apply the policy to.TIME_SINCE_UPLOAD
is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.KEEP_COUNT
is the number of versions of an artifact to keep in your repository.
Go
provider "google" { project = "PROJECT-ID" }
resource "google_artifact_registry_repository" "my-repo" { location = "LOCATION" repository_id = "REPOSITORY" description = "DESCRIPTION" format = "go" kms_key_name = "KEY" cleanup_policy_dry_run = DRY_RUN_STATUS cleanup_policies { id = "POLICY_NAME" action = "DELETE" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] older_than = "TIME_SINCE_UPLOAD" } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" most_recent_versions { package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] keep_count = KEEP_COUNT } } }
Replace the following:
PROJECT-ID
is the Google Cloud project ID.LOCATION
is the repository location.REPOSITORY
is the repository name.DESCRIPTION
is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.KEY
is the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-managed encryption keys.DRY_RUN_STATUS
determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.true
: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.false
: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME
is the name of the cleanup policy.TAG_STATE
is the tag state to apply the policy to. Values aretagged
,untagged
, andany
.any
applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.TAG_PREFIX
,TAG_PREFIX_N
are tag prefixes to apply the policy to.PKG_PREFIX
,PKG_PREFIX_N
are package prefixes to apply the policy to.TIME_SINCE_UPLOAD
is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.KEEP_COUNT
is the number of versions of an artifact to keep in your repository.
KubeFlow Pipelines
provider "google" { project = "PROJECT-ID" }
resource "google_artifact_registry_repository" "my-repo" { location = "LOCATION" repository_id = "REPOSITORY" description = "DESCRIPTION" format = "kfp" kms_key_name = "KEY" cleanup_policy_dry_run = DRY_RUN_STATUS cleanup_policies { id = "POLICY_NAME" action = "DELETE" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] older_than = "TIME_SINCE_UPLOAD" } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" most_recent_versions { package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] keep_count = KEEP_COUNT } } }
Replace the following:
PROJECT-ID
is the Google Cloud project ID.LOCATION
is the repository location.REPOSITORY
is the repository name.DESCRIPTION
is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.KEY
is the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-managed encryption keys.DRY_RUN_STATUS
determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.true
: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.false
: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME
is the name of the cleanup policy.TAG_STATE
is the tag state to apply the policy to. Values aretagged
,untagged
, andany
.any
applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.TAG_PREFIX
,TAG_PREFIX_N
are tag prefixes to apply the policy to.PKG_PREFIX
,PKG_PREFIX_N
are package prefixes to apply the policy to.TIME_SINCE_UPLOAD
is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.KEEP_COUNT
is the number of versions of an artifact to keep in your repository.
Maven
If you do not specify a version policy, Artifact Registry creates a Maven repository that stores both snapshot and release versions of packages by default.
provider "google" { project = "PROJECT-ID" }
resource "google_artifact_registry_repository" "my-repo" { location = "LOCATION" repository_id = "REPOSITORY" description = "DESCRIPTION" format = "maven" kms_key_name = "KEY" cleanup_policy_dry_run = DRY_RUN_STATUS cleanup_policies { id = "POLICY_NAME" action = "DELETE" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] older_than = "TIME_SINCE_UPLOAD" } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" most_recent_versions { package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] keep_count = KEEP_COUNT } } }
Replace the following:
PROJECT-ID
is the Google Cloud project ID.LOCATION
is the repository location.REPOSITORY
is the repository name.DESCRIPTION
is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.KEY
is the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-managed encryption keys.DRY_RUN_STATUS
determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.true
: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.false
: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME
is the name of the cleanup policy.TAG_STATE
is the tag state to apply the policy to. Values aretagged
,untagged
, andany
.any
applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.TAG_PREFIX
,TAG_PREFIX_N
are tag prefixes to apply the policy to.PKG_PREFIX
,PKG_PREFIX_N
are package prefixes to apply the policy to.TIME_SINCE_UPLOAD
is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.KEEP_COUNT
is the number of versions of an artifact to keep in your repository.To store snapshot and release versions in different repositories, specify a version policy for the repository using a
maven_config
block. This block supports the following settings:version_policy
sets the version policy with one of the following values:VERSION_POLICY_UNSPECIFIED
: Store snapshot and release packages. This is the default setting.- RELEASE: Store release packages only.
- SNAPSHOT: Store snapshot packages only.
allow_snapshot_overwrites
configures a repository with aSNAPSHOT
version policy to accept non-unique snapshots that overwrite existing versions in the repository.The following example defines a Maven repository with a release version policy.
provider "google" { project = "my-project" } resource "google_artifact_registry_repository" "my-repo" { provider = google-beta location = "us-central1" repository_id = "my-repo" description = "Maven repository" format = "MAVEN" maven_config { version_policy = "RELEASE" } }
npm
provider "google" { project = "PROJECT-ID" }
resource "google_artifact_registry_repository" "my-repo" { location = "LOCATION" repository_id = "REPOSITORY" description = "DESCRIPTION" format = "npm" kms_key_name = "KEY" cleanup_policy_dry_run = DRY_RUN_STATUS cleanup_policies { id = "POLICY_NAME" action = "DELETE" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] older_than = "TIME_SINCE_UPLOAD" } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" most_recent_versions { package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] keep_count = KEEP_COUNT } } }
Replace the following:
PROJECT-ID
is the Google Cloud project ID.LOCATION
is the repository location.REPOSITORY
is the repository name.DESCRIPTION
is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.KEY
is the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-managed encryption keys.DRY_RUN_STATUS
determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.true
: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.false
: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME
is the name of the cleanup policy.TAG_STATE
is the tag state to apply the policy to. Values aretagged
,untagged
, andany
.any
applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.TAG_PREFIX
,TAG_PREFIX_N
are tag prefixes to apply the policy to.PKG_PREFIX
,PKG_PREFIX_N
are package prefixes to apply the policy to.TIME_SINCE_UPLOAD
is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.KEEP_COUNT
is the number of versions of an artifact to keep in your repository.
Python
provider "google" { project = "PROJECT-ID" }
resource "google_artifact_registry_repository" "my-repo" { location = "LOCATION" repository_id = "REPOSITORY" description = "DESCRIPTION" format = "python" kms_key_name = "KEY" cleanup_policy_dry_run = DRY_RUN_STATUS cleanup_policies { id = "POLICY_NAME" action = "DELETE" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] older_than = "TIME_SINCE_UPLOAD" } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" most_recent_versions { package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] keep_count = KEEP_COUNT } } }
Replace the following:
PROJECT-ID
is the Google Cloud project ID.LOCATION
is the repository location.REPOSITORY
is the repository name.DESCRIPTION
is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.KEY
is the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-managed encryption keys.DRY_RUN_STATUS
determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.true
: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.false
: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME
is the name of the cleanup policy.TAG_STATE
is the tag state to apply the policy to. Values aretagged
,untagged
, andany
.any
applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.TAG_PREFIX
,TAG_PREFIX_N
are tag prefixes to apply the policy to.PKG_PREFIX
,PKG_PREFIX_N
are package prefixes to apply the policy to.TIME_SINCE_UPLOAD
is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.KEEP_COUNT
is the number of versions of an artifact to keep in your repository.
Yum
provider "google" { project = "PROJECT-ID" }
resource "google_artifact_registry_repository" "my-repo" { location = "LOCATION" repository_id = "REPOSITORY" description = "DESCRIPTION" format = "yum" kms_key_name = "KEY" cleanup_policy_dry_run = DRY_RUN_STATUS cleanup_policies { id = "POLICY_NAME" action = "DELETE" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] older_than = "TIME_SINCE_UPLOAD" } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" condition { tag_state = "TAG_STATE" tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"] package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] } } cleanup_policies { id = "POLICY_NAME" action = "KEEP" most_recent_versions { package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"] keep_count = KEEP_COUNT } } }
Replace the following:
PROJECT-ID
is the Google Cloud project ID.LOCATION
is the repository location.REPOSITORY
is the repository name.DESCRIPTION
is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.KEY
is the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-managed encryption keys.DRY_RUN_STATUS
determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.true
: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.false
: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME
is the name of the cleanup policy.TAG_STATE
is the tag state to apply the policy to. Values aretagged
,untagged
, andany
.any
applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.TAG_PREFIX
,TAG_PREFIX_N
are tag prefixes to apply the policy to.PKG_PREFIX
,PKG_PREFIX_N
are package prefixes to apply the policy to.TIME_SINCE_UPLOAD
is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appendings
,m
,h
, ord
respectively.KEEP_COUNT
is the number of versions of an artifact to keep in your repository.
Artifact Registry creates your repository. Run the following command to view a description of the repository:
gcloud artifacts repositories describe REPOSITORY \
--location=LOCATION
After you have created the repository:
- Grant access to the repository.
Configure Docker, package managers, and other third-party clients to authenticate to repositories.
Edit repository descriptions
You can change the repository description from Google Cloud console or the gcloud CLI.
Console
Open the Repositories page in the Google Cloud console.
In the repository list, select the repository and click Edit Repository.
Edit the repository description and then click Save.
gcloud
To update the repository description, run the command:
gcloud artifacts repositories update REPOSITORY \
--project=PROJECT \
--location=LOCATION \
--description="DESCRIPTION"
Replace the following:
REPOSITORY
: the name of the repository. If you configured a default repository, you can omit this flag to use the default.PROJECT
: the Google Cloud project ID. If this flag is omitted, the current or default project is used.LOCATION
: a regional or multi-regional location. Use this flag to view repositories in a specific location. If you configured a default location, you can omit this flag to use the default.DESCRIPTION
: a description for the repository.