Artifact Registry: the next generation of Container Registry

Enterprise application teams need to manage more than just containers in their software supply chain. That’s why we created Artifact Registry, a fully-managed service with support for both container images and non-container artifacts.

Artifact Registry improves and extends upon the existing capabilities of Container Registry, such as customer-managed encryption keys, VPC-SC support, Pub/Sub notifications, and more, providing a foundation for major upgrades in security, scalability and control. While Container Registry is still available and will continue to be supported as a Google Enterprise API, going forward new features will only be available in Artifact Registry, and Container Registry will only receive critical security fixes.

Below, we’ll highlight the key improvements Artifact Registry provides over Container Registry, as well as the steps to start using it today.

A unified control plane for container, OS and language repositories

Artifact Registry includes more than just container images: as a developer, you can store multiple artifact formats, including OS packages for Debian and RPM, as well as language packages for popular languages like Python, Java, and Node. In addition, you can manage them all from a single, unified interface. 

A more granular permission model with Cloud IAM

Artifact Registry comes with fine-grained access control via Cloud IAM. Unlike Container Registry, this allows you to control access on a per-repository basis, rather than all images stored in a project. This enables you to scope permissions as granularly as possible, for example to specific regions or environments as necessary.

Repositories in the region of your choice

Artifact Registry supports the creation of regional repositories, which allows you to put your artifacts and data directly in the location that they'll be used, allowing for higher availability and speed. In Container Registry, you’re limited to “multi-regions”: for example, the closest multi-region for Australia is Asia. However, with Artifact Registry’s regional support, you can create a repository directly in the Sydney data center.

A pricing model that respects your region

While Artifact Registry’s pricing is still based on a combination of network egress and storage usage, support for regional repositories means that you can choose in what region to host your container repositories. Although per unit storage costs are higher for Artifact Registry, optimizing the locations of your repositories to be hosted in the same region where they are used can result in cost savings, because any network traffic within the same region is not considered egress and is thus free.

Part of a secure supply chain

Artifact Registry was designed from the ground up to integrate into our suite of secure supply chain products. This means that it can optionally use Container Analysis to scan your container images for vulnerabilities as they’re uploaded to Artifact Registry, and works directly with Binary Authorization to secure your deployments.

We’re here to help you migrate

If you already use Container Registry, you can take advantage of all the current and upcoming features of container image storage with Artifact Registry by migrating to it. To help, we’ve prepared the following guides:

• Transitioning from Container Registry provides an overview of how to use Artifact Registry instead of Container Registry in a backwards-compatible way

• Copying images from Container Registry guide you to move container images from an existing repository to an Artifact Registry repository

If you’re currently hosting your container images with a third party, you can begin using Artifact Registry directly, by following the instructions in our guide, Migrating containers from a third-party registry, which shows you how to avoid rate limits on image pulls or third-party outages which can disrupt your builds and deployments.

And if you're just getting started storing container images, you can begin using Artifact Registry as your image repository right away. To learn how, check out Artifact Registry quickstart for Docker, a guide to using Artifact Registry as a single location for managing private packages and Docker container images.

Join our community 

Our Artifact Registry communities are also great resources to help answer your questions and for guidance on best practices: 

• Ask questions on Stack Overflow using the google-artifact-registry tag

• Visit the Google Cloud Slack community and ask a question in the #artifact-registry channel. If you haven't already joined the Slack community, use this form to sign up.