Container Registry stores container images in Cloud Storage. Cloud Storage always encrypts your data on the server side. You can also generate and manage customer-managed encryption keys using Key Management Service. These encryption keys act as an additional encryption layer on top of the standard Cloud Storage encryption.
To use a Key Management Service encryption key with Container Registry, you assign the key to the Cloud Storage service account and then set the key as the default key for the Container Registry storage bucket.