Skip to content
ConfigurationRegistriesGAR

GAR (Google Artifact Registry)

The gar registry lets you configure Google Artifact Registry integration.

The gar registry lets you configure Google Artifact Registry integration for container registries under *-docker.pkg.dev.

Variables

Env varRequiredDescriptionSupported valuesDefault value when missing
DD_REGISTRY_GAR_{REGISTRY_NAME}_CLIENTEMAILService Account Client Email (required for private images access)See Service Account credentials
DD_REGISTRY_GAR_{REGISTRY_NAME}_PRIVATEKEYService Account Private Key (required for private images access)See Service Account credentials

Docker and Docker Compose action triggers use this same service-account configuration when they pull private GAR images during an update. No separate action-trigger auth setting is required.

Examples

Configure for authenticated access

services:
  drydock:
    image: codeswhat/drydock
    ...
    secrets:
      - gar_private_key
    environment:
      - DD_REGISTRY_GAR_PRIVATE_CLIENTEMAIL=johndoe@myproject.iam.gserviceaccount.com
      - DD_REGISTRY_GAR_PRIVATE_PRIVATEKEY__FILE=/run/secrets/gar_private_key

secrets:
  gar_private_key:
    file: /path/to/gar-private-key.pem
docker run \
  -v /path/to/gar-private-key.pem:/run/secrets/gar_private_key:ro \
  -e DD_REGISTRY_GAR_PRIVATE_CLIENTEMAIL="johndoe@myproject.iam.gserviceaccount.com" \
  -e DD_REGISTRY_GAR_PRIVATE_PRIVATEKEY__FILE="/run/secrets/gar_private_key" \
  ...
  codeswhat/drydock

Keep the private-key file outside the repository, restrict its permissions, and mount it read-only. The __FILE suffix loads the value from the mounted secret without placing the PEM in the Compose file, shell history, or container environment metadata.