Create standard repositories

This page describes how to create Artifact Registry standard repositories.

Standard repositories are repositories for your private artifacts. You upload artifacts to and download artifacts directly from these repositories.

The following repository modes are also available for some artifact formats:

Remote repositories store artifacts from external sources such as Docker Hub, Maven Central, or PyPI.

Virtual repositories act as a single access point to download, install, or deploy artifacts that are in upstream standard or remote repositories.

Each repository can contain artifacts for a single supported format.

Before you begin

Enable Artifact Registry, including enabling the Artifact Registry API and installing Google Cloud CLI.
(Optional) Configure defaults for gcloud commands.
If you require customer-managed-encryption keys (CMEK) to encrypt repository content, create and enable a key in Cloud KMS for the repository.

Required roles

To get the permissions that you need to create repositories, ask your administrator to grant you the Artifact Registry Administrator (roles/artifactregistry.admin) IAM role on the Google Cloud project. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create a standard repository

When you create a repository, you must configure the following settings that cannot be changed after the repository is created:

Artifact format.

Repository mode, if multiple modes are available for the selected format.

Repository location.
Encryption with Google-owned and Google-managed encryption keys or customer-managed encryption keys. Artifact Registry uses Google-owned and Google-managed encryption keys by default.

Artifact Registry enforces organization policy constraints that require CMEK to encrypt resources or limit which Cloud KMS keys can be used for CMEK protection.

Create a repository using the Google Cloud console

Open the Repositories page in the Google Cloud console.

Open the Repositories page
Click Create Repository.
Specify the repository name. For each repository location in a project, repository names must be unique.
Select the repository format.

Note: Ruby repositories are in Preview.
If multiple repository modes are available, select Standard.
Maven only: Configure the version policy.
1. Choose a version policy:
  - None - No version policy. Store both release and snapshot packages.
  - Release - Store only release packages.
  - Snapshot - Store only snapshot packages.
2. If you want a snapshot repository to accept non-unique snapshots that overwrite existing versions in the repository, select Allow snapshot overwrites.
  
  Note: Maven 3 only supports unique snapshots. If you are using snapshot repositories, we recommend using unique snapshots only.
Under Location Type, choose the location for the repository:
1. Choose the location type: Region or Multi-Region. The list of locations changes to reflect your selection.
2. In the Region or Multi-region list, select a location.
For information about location types and supported locations, see Repository locations
Add a description for the repository. Descriptions help to identify the purpose of the repository and the kind of artifacts it contains.

Don't include sensitive data, since repository descriptions are not encrypted.
If you want to use labels to organize your repositories, click Add Label and enter the key-value pair for the label. You can add, edit, or remove labels after you create the repository.
In the Encryption section, choose the encryption mechanism for the repository.
- Google-managed encryption key - Encrypt repository content with a Google-owned and Google-managed encryption key.
- Customer-managed key - Encrypt repository content with a key that you control through Cloud Key Management Service. For key setup instructions, see Setting up CMEK for repositories.
- For Docker repositories, the Immutable image tags setting configures your repository to use image tags that always point to the same image digest. A user with the Artifact Registry administrator role can change this setting after the repository is created.
  - By default this setting is disabled. Image tags are mutable, meaning that the image digest that the tag points to can change.
  - If this setting is enabled, image tags are immutable. A tag must always point to the same image digest. To learn more about mutable and immutable image tags, see Container image versions.
If you want to use cleanup policies to delete unused artifacts, in the Cleanup policies section:
1. Select Dry run to test your policy before applying it.
2. Click Add policy to add a keep or delete policy to your repository.
3. Give your cleanup policy a descriptive name in the Name field.
4. In the Policy type section, select one of:
  - Conditional delete: deletes artifacts based on conditions you define.
  - Conditional keep: keeps artifacts based on conditions you define.
  - Keep most recent versions: Keeps a set number of most recent versions per package.
    
    Caution: if you set Package prefixes for this policy, only artifacts matching the package prefixes will be kept, up to the number set for most recent versions.
  For more details on cleanup policies, see Configure cleanup policies.
In the Artifact Analysis section, choose vulnerability scanning settings:
- Enabled - Allow scanning in this repository. The Container Scanning API must be enabled on your project.
  
  When you enable the Container Scanning API, billing begins immediately. After you enable the Container Scanning API on a project, vulnerability scanning is enabled for all new and existing repositories. When you push an image to Artifact Registry it's automatically scanned by Artifact Analysis.
- Disabled - Prevent scanning in this repository. If the Container Scanning API is enabled on your project, scanning continues on other repositories; this repository will be excluded.
  
  For more information on vulnerability scanning options, see Enable and disable automatic scanning.
Click Create.

Artifact Registry creates the repository and adds it to the list of repositories.

After you have created the repository:

Grant access to the repository.
Configure Docker, package managers, and other third-party clients to authenticate to repositories.
- Container images: Docker, Helm
- Language packages: Java, Node.js, Python, Go
- OS packages: Debian, RPM
- Other: Kubeflow Pipeline templates

Create a repository using the Google Cloud CLI

Run the command to create a new repository.

Docker

Maven

By default, Maven repositories store both snapshot and release versions of packages. You can specify a version policy to create a snapshot or release repository.

To store snapshot and release versions in different repositories, specify the version policy in the command:

For snapshot repositories only. If you specify this flag, you can publish non-unique snapshots that overwrite existing versions in the repository.

Artifact Registry creates your repository. Run the following command to view a description of the repository:

Create a repository using Terraform

If you are new to using Terraform for Google Cloud, see the Get Started - Google Cloud page on the HashiCorp website.

The following example defines the provider and a repository with the Terraform resource name my-repo.

Apt

  provider "google" {
      project = "PROJECT-ID"
  }

  resource "google_artifact_registry_repository" "my-repo" {
    location = "LOCATION"
    repository_id = "REPOSITORY"
    description = "DESCRIPTION"
    format = "apt"
    kms_key_name = "KEY"
    cleanup_policy_dry_run = DRY_RUN_STATUS
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "DELETE"
      condition { 
        older_than   = "TIME_SINCE_UPLOAD"
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      condition { 
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      most_recent_versions {
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
        keep_count            = KEEP_COUNT
      }
    }
  }

Replace the following:

PROJECT-ID is the Google Cloud project ID.
LOCATION is the repository location.
REPOSITORY is the repository name.
DESCRIPTION is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.
KEYis the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-owned and Google-managed encryption keys
DRY_RUN_STATUS determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.
- true: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.
- false: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME is the name of the cleanup policy.
PKG_PREFIX, PKG_PREFIX_N are package prefixes to apply the policy to.
TIME_SINCE_UPLOAD is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appending s, m, h, or d respectively.
KEEP_COUNT is the number of versions of an artifact to keep in your repository.

Docker

  provider "google" {
      project = "PROJECT-ID"
  }

  resource "google_artifact_registry_repository" "my-repo" {
    location = "LOCATION"
    repository_id = "REPOSITORY"
    description = "DESCRIPTION"
    format = "docker"
    kms_key_name = "KEY"
    cleanup_policy_dry_run = DRY_RUN_STATUS
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "DELETE"
      condition { 
        tag_state    = "TAG_STATE"
        tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
        older_than   = "TIME_SINCE_UPLOAD"
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      condition { 
        tag_state             = "TAG_STATE"
        tag_prefixes          = ["TAG_PREFIX", "TAG_PREFIX_N"]
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      most_recent_versions {
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
        keep_count            = KEEP_COUNT
      }
    }
  }

Replace the following:

PROJECT-ID is the Google Cloud project ID.
LOCATION is the repository location.
REPOSITORY is the repository name.
DESCRIPTION is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.
KEYis the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-owned and Google-managed encryption keys
DRY_RUN_STATUS determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.
- true: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.
- false: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME is the name of the cleanup policy.
TAG_STATE is the tag state to apply the policy to. Values are tagged, untagged, and any. any applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.
TAG_PREFIX, TAG_PREFIX_N are tag prefixes to apply the policy to.
PKG_PREFIX, PKG_PREFIX_N are package prefixes to apply the policy to.
TIME_SINCE_UPLOAD is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appending s, m, h, or d respectively.
KEEP_COUNT is the number of versions of an artifact to keep in your repository.

Generic

  provider "google" {
      project = "PROJECT-ID"
  }

  resource "google_artifact_registry_repository" "my-repo" {
    location = "LOCATION"
    repository_id = "REPOSITORY"
    description = "DESCRIPTION"
    format = "generic"
    kms_key_name = "KEY"
    cleanup_policy_dry_run = DRY_RUN_STATUS
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "DELETE"
      condition { 
        tag_state    = "TAG_STATE"
        tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
        older_than   = "TIME_SINCE_UPLOAD"
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      condition { 
        tag_state             = "TAG_STATE"
        tag_prefixes          = ["TAG_PREFIX", "TAG_PREFIX_N"]
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      most_recent_versions {
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
        keep_count            = KEEP_COUNT
      }
    }
  }

Replace the following:

PROJECT-ID is the Google Cloud project ID.
LOCATION is the repository location.
REPOSITORY is the repository name.
DESCRIPTION is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.
KEYis the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-owned and Google-managed encryption keys
DRY_RUN_STATUS determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.
- true: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.
- false: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME is the name of the cleanup policy.
TAG_STATE is the tag state to apply the policy to. Values are tagged, untagged, and any. any applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.
TAG_PREFIX, TAG_PREFIX_N are tag prefixes to apply the policy to.
PKG_PREFIX, PKG_PREFIX_N are package prefixes to apply the policy to.
TIME_SINCE_UPLOAD is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appending s, m, h, or d respectively.
KEEP_COUNT is the number of versions of an artifact to keep in your repository.

Go

  provider "google" {
      project = "PROJECT-ID"
  }

  resource "google_artifact_registry_repository" "my-repo" {
    location = "LOCATION"
    repository_id = "REPOSITORY"
    description = "DESCRIPTION"
    format = "go"
    kms_key_name = "KEY"
    cleanup_policy_dry_run = DRY_RUN_STATUS
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "DELETE"
      condition { 
        tag_state    = "TAG_STATE"
        tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
        older_than   = "TIME_SINCE_UPLOAD"
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      condition { 
        tag_state             = "TAG_STATE"
        tag_prefixes          = ["TAG_PREFIX", "TAG_PREFIX_N"]
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      most_recent_versions {
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
        keep_count            = KEEP_COUNT
      }
    }
  }

Replace the following:

PROJECT-ID is the Google Cloud project ID.
LOCATION is the repository location.
REPOSITORY is the repository name.
DESCRIPTION is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.
KEYis the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-owned and Google-managed encryption keys
DRY_RUN_STATUS determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.
- true: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.
- false: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME is the name of the cleanup policy.
TAG_STATE is the tag state to apply the policy to. Values are tagged, untagged, and any. any applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.
TAG_PREFIX, TAG_PREFIX_N are tag prefixes to apply the policy to.
PKG_PREFIX, PKG_PREFIX_N are package prefixes to apply the policy to.
TIME_SINCE_UPLOAD is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appending s, m, h, or d respectively.
KEEP_COUNT is the number of versions of an artifact to keep in your repository.

KubeFlow Pipelines

  provider "google" {
      project = "PROJECT-ID"
  }

  resource "google_artifact_registry_repository" "my-repo" {
    location = "LOCATION"
    repository_id = "REPOSITORY"
    description = "DESCRIPTION"
    format = "kfp"
    kms_key_name = "KEY"
    cleanup_policy_dry_run = DRY_RUN_STATUS
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "DELETE"
      condition { 
        tag_state    = "TAG_STATE"
        tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
        older_than   = "TIME_SINCE_UPLOAD"
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      condition { 
        tag_state             = "TAG_STATE"
        tag_prefixes          = ["TAG_PREFIX", "TAG_PREFIX_N"]
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      most_recent_versions {
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
        keep_count            = KEEP_COUNT
      }
    }
  }

Replace the following:

PROJECT-ID is the Google Cloud project ID.
LOCATION is the repository location.
REPOSITORY is the repository name.
DESCRIPTION is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.
KEYis the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-owned and Google-managed encryption keys
DRY_RUN_STATUS determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.
- true: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.
- false: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME is the name of the cleanup policy.
TAG_STATE is the tag state to apply the policy to. Values are tagged, untagged, and any. any applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.
TAG_PREFIX, TAG_PREFIX_N are tag prefixes to apply the policy to.
PKG_PREFIX, PKG_PREFIX_N are package prefixes to apply the policy to.
TIME_SINCE_UPLOAD is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appending s, m, h, or d respectively.
KEEP_COUNT is the number of versions of an artifact to keep in your repository.

Maven

If you do not specify a version policy, Artifact Registry creates a Maven repository that stores both snapshot and release versions of packages by default.

allow_snapshot_overwrites configures a repository with a SNAPSHOT version policy to accept non-unique snapshots that overwrite existing versions in the repository.

npm

  provider "google" {
      project = "PROJECT-ID"
  }

  resource "google_artifact_registry_repository" "my-repo" {
    location = "LOCATION"
    repository_id = "REPOSITORY"
    description = "DESCRIPTION"
    format = "npm"
    kms_key_name = "KEY"
    cleanup_policy_dry_run = DRY_RUN_STATUS
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "DELETE"
      condition { 
        tag_state    = "TAG_STATE"
        tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
        older_than   = "TIME_SINCE_UPLOAD"
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      condition { 
        tag_state             = "TAG_STATE"
        tag_prefixes          = ["TAG_PREFIX", "TAG_PREFIX_N"]
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      most_recent_versions {
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
        keep_count            = KEEP_COUNT
      }
    }
  }

Replace the following:

PROJECT-ID is the Google Cloud project ID.
LOCATION is the repository location.
REPOSITORY is the repository name.
DESCRIPTION is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.
KEYis the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-owned and Google-managed encryption keys
DRY_RUN_STATUS determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.
- true: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.
- false: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME is the name of the cleanup policy.
TAG_STATE is the tag state to apply the policy to. Values are tagged, untagged, and any. any applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.
TAG_PREFIX, TAG_PREFIX_N are tag prefixes to apply the policy to.
PKG_PREFIX, PKG_PREFIX_N are package prefixes to apply the policy to.
TIME_SINCE_UPLOAD is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appending s, m, h, or d respectively.
KEEP_COUNT is the number of versions of an artifact to keep in your repository.

Python

  provider "google" {
      project = "PROJECT-ID"
  }

  resource "google_artifact_registry_repository" "my-repo" {
    location = "LOCATION"
    repository_id = "REPOSITORY"
    description = "DESCRIPTION"
    format = "python"
    kms_key_name = "KEY"
    cleanup_policy_dry_run = DRY_RUN_STATUS
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "DELETE"
      condition { 
        tag_state    = "TAG_STATE"
        tag_prefixes = ["TAG_PREFIX", "TAG_PREFIX_N"]
        older_than   = "TIME_SINCE_UPLOAD"
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      condition { 
        tag_state             = "TAG_STATE"
        tag_prefixes          = ["TAG_PREFIX", "TAG_PREFIX_N"]
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      most_recent_versions {
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
        keep_count            = KEEP_COUNT
      }
    }
  }

Replace the following:

PROJECT-ID is the Google Cloud project ID.
LOCATION is the repository location.
REPOSITORY is the repository name.
DESCRIPTION is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.
KEYis the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-owned and Google-managed encryption keys
DRY_RUN_STATUS determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.
- true: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.
- false: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME is the name of the cleanup policy.
TAG_STATE is the tag state to apply the policy to. Values are tagged, untagged, and any. any applies to both tagged and untagged artifacts. If a repository has immutable tags enabled, tagged artifacts can't be deleted.
TAG_PREFIX, TAG_PREFIX_N are tag prefixes to apply the policy to.
PKG_PREFIX, PKG_PREFIX_N are package prefixes to apply the policy to.
TIME_SINCE_UPLOAD is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appending s, m, h, or d respectively.
KEEP_COUNT is the number of versions of an artifact to keep in your repository.

Yum

  provider "google" {
      project = "PROJECT-ID"
  }

  resource "google_artifact_registry_repository" "my-repo" {
    location = "LOCATION"
    repository_id = "REPOSITORY"
    description = "DESCRIPTION"
    format = "yum"
    kms_key_name = "KEY"
    cleanup_policy_dry_run = DRY_RUN_STATUS
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "DELETE"
      condition { 
        older_than   = "TIME_SINCE_UPLOAD"
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      condition { 
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
      }
    }
    cleanup_policies {
      id     = "POLICY_NAME"
      action = "KEEP"
      most_recent_versions {
        package_name_prefixes = ["PKG_PREFIX", "PKG_PREFIX_N"]
        keep_count            = KEEP_COUNT
      }
    }
  }

Replace the following:

PROJECT-ID is the Google Cloud project ID.
LOCATION is the repository location.
REPOSITORY is the repository name.
DESCRIPTION is the optional description for the repository. Do not include sensitive data, since repository descriptions are not encrypted.
KEYis the name of the Cloud Key Management Service key, if you are using customer-managed encryption keys (CMEK) for encryption. Omit this argument to use the default setting, Google-owned and Google-managed encryption keys
DRY_RUN_STATUS determines if cleanup policies delete artifacts, or only log which artifacts would be deleted if setting cleanup policies on the repository. Omit if you don't want to add cleanup policies to the repository.
- true: sets the policies to run in dry run mode. No artifacts are deleted in dry run mode.
- false: applies the cleanup policies. Artifacts are deleted or kept depending on the policies.
For more information on cleanup policies, see Configure cleanup policies.
POLICY_NAME is the name of the cleanup policy.
PKG_PREFIX, PKG_PREFIX_N are package prefixes to apply the policy to.
TIME_SINCE_UPLOAD is the time since an artifact version was uploaded to the repository, specified as a duration. You can specify durations of seconds, minutes, hours, or days by appending s, m, h, or d respectively.
KEEP_COUNT is the number of versions of an artifact to keep in your repository.

Artifact Registry creates your repository. Run the following command to view a description of the repository:

Edit repository descriptions

You can change the repository description from Google Cloud console or the gcloud CLI.

Before you begin

Required roles

Create a standard repository

Create a repository using the Google Cloud console

Create a repository using the Google Cloud CLI

Apt

Docker

Generic

Go

KubeFlow Pipelines

Maven

npm

Python

Ruby

Yum

Create a repository using Terraform

Apt

Docker

Generic

Go

KubeFlow Pipelines

Maven

npm

Python

Yum

Edit repository descriptions

Console

gcloud

What's next

Create standard repositories Stay organized with collections Save and categorize content based on your preferences.

Before you begin

Required roles

Create a standard repository

Create a repository using the Google Cloud console

Create a repository using the Google Cloud CLI

Apt

Docker

Generic

Go

KubeFlow Pipelines

Maven

npm

Python

Ruby

Yum

Create a repository using Terraform

Apt

Docker

Generic

Go

KubeFlow Pipelines

Maven

npm

Python

Yum

Edit repository descriptions

Console

gcloud

What's next

Create standard repositories