This document lists the quotas and limits that apply to Artifact Registry.
A quota restricts how much of a shared Google Cloud resource your Google Cloud project can use, including hardware, software, and network components. Therefore, quotas are a part of a system that does the following:
- Monitors your use or consumption of Google Cloud products and services.
- Restricts your consumption of those resources, for reasons that include ensuring fairness and reducing spikes in usage.
- Maintains configurations that automatically enforce prescribed restrictions.
- Provides a means to request or make changes to the quota.
In most cases, when a quota is exceeded, the system immediately blocks access to the relevant Google resource, and the task that you're trying to perform fails. In most cases, quotas apply to each Google Cloud project and are shared across all applications and IP addresses that use that Google Cloud project.
There are also limits on Artifact Registry resources. These limits are unrelated to the quota system. Limits cannot be changed unless otherwise stated.
Artifact Registry limits the maximum rate of incoming requests and enforces quotas on a per-project and per-user basis.
See Working with quotas for information on quota policies, viewing your quota, and managing your quota.
Go to the API dashboard for your current API activity.
Quotas
Artifact Registry enforces the following quotas.
Per-project request quota
| Quota | Value | Additional information |
|---|---|---|
| Requests per minute in each region or multi-region | 60,000 | |
| Write requests per minute in each region or multi-region | 18,000 | In most cases, a single HTTP request or API call counts as a single request. However, some operations count as multiple requests. For example, a batch request like `ImportAptArtifacts` might charge quota for each item in the batch. A Docker pull or push usually makes multiple HTTP requests, so quota is charged for each request. |
| Delete requests per minute in each region or multi-region | 18,000 | Deletions requested by cleanup policies count towards the delete requests quota and deletions per day, per repository limit. |
Per-user request quota
By default, projects have unlimited per-user quota. You can optionally cap per-user quota within a project. Per-user quota applies per authenticated user or per client IP address for unauthenticated requests to a public repository.
Cloud KMS quotas and Artifact Registry
When you use CMEK in Artifact Registry, your projects can consume Cloud KMS cryptographic requests quotas. For example, CMEK-encrypted repositories can consume these quotas for each upload or download. Encryption and decryption operations using CMEK keys affect Cloud KMS quotas only if you use hardware (Cloud HSM) or external (Cloud EKM) keys. Confirm that you have enough quota to enable application-layer secrets encryption for your applications and workflows. For more information, see Cloud KMS quotas.
Artifact Analysis quotas
See Artifact Analysis quotas and limits for information on scanning usage policies.
Public upstream quotas
If you use remote repositories to cache public upstream repositories, you might be subject to the upstream repositories' read and write quotas.
Usage Limits
Artifact Registry enforces the following usage limits.
| Usage limit | Value |
|---|---|
| Cleanup policy deletions per repository, per day | 300,000 |
| Cleanup policies per repository | 10 |
| Max data retrieval per request | 9.9 GB |
| Max upstream policies for virtual repositories | 30 |
| Max number of upstream resolutions per request for virtual repositories | 60 |
| Repository creation and deletion operations, per region, per minute | 30 |
Remote Repository Limits
When you request an artifact from your remote repository, and the artifact hasn't already been cached in your remote, the artifact is requested from the upstream repository, and then stored in your remote repository. Requests to upstream hosts count against your organization’s upstream host read request limit, and caching the artifact in your remote repository uses your project’s write and request quotas. Once the artifact has been cached to your remote, requests for that artifact only count against your project's request quota.
Artifact Registry enforces the following usage limits for remote repositories.
| Limit | Public upstream | Value |
|---|---|---|
| Public upstream host reads per organization, per region, per minute | Default | 600 |
| Docker Hub | 600 | |
| Maven Central | 3000 | |
| NpmJS | 1800 | |
| PyPI | 1200 |
Limit for listing container images in a repository
The Docker Registry API method to list container images returns an incomplete list if a repository has more than 10,000 images or tags. This limitation applies to Docker clients that use the Docker Registry API to interact with registries. The limitation does not apply to the gcloud artifacts docker images list command or Artifact Registry API requests.
Request a quota increase
To increase or decrease most quotas, use the Google Cloud console. For more information, see Request a higher quota.