> ## Documentation Index
> Fetch the complete documentation index at: https://docs.minimus.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Sync with Google Artifact Registry

> Set up pull through to mirror Minimus images to Google Artifact Registry

If your organization uses the Google Artifact Registry as the source of truth, you can set up a pull-through cache for your Minimus container images. This option allows you to benefit from the Minimus security advantage while keeping your current processes.

<Tip>
  Refer to Google Cloud's Artifact Registry guide for [remote repositories](https://docs.cloud.google.com/artifact-registry/docs/repositories/remote-overview) for further information.
</Tip>

## Prerequisites

1. Google Cloud project access:
   * Permissions to access and create registries in Artifact Registry
   * Permissions to create secrets in Google Secret Manager 
   * [<u>Artifact Registry API</u>](https://docs.cloud.google.com/artifact-registry/docs/reference/rest) must be enabled in your Google project
2. Access to Docker or Podman to execute an image pull. This may be done locally or within a Google Cloud Shell.

## Set up a remote repository in Google Cloud

In this step, we will set up the Minimus registry as a remote repository in the Google Cloud Artifact Registry to enable pull through.

<Steps>
  <Step title="Save Minimus token as secret">
    Save your Minimus token to the Google Secret Manager.

    1. Visit the Google Artifact Registry Secret Manager ([direct link](https://console.cloud.google.com/security/secret-manager)). 
    2. Select **+ Create secret** (top banner):

           <Frame>
             <img src="https://mintcdn.com/gutsy-6162adbc/NPVVeNc6nwDvuBoS/images/GCP-artifact-registry/GCP-create-secret.png?fit=max&auto=format&n=NPVVeNc6nwDvuBoS&q=85&s=68b2bc98e5a5ac60778295daf928ca90" alt="GCP Create Secret" width="1621" height="825" data-path="images/GCP-artifact-registry/GCP-create-secret.png" />
           </Frame>
    3. Fill in the form:

       1. **Name** your secret, for example, `minimus-image-pull-token-secret`.
       2. **Secret Value:** Paste your Minimus token as the value. 
       3. Configure the rest of the options, including encryption and rotation periods. You can keep the defaults but we recommend that you align with your organizational policies.
       4. Select **Create Secret** to confirm and save the secret.

           <Frame>
             <img src="https://mintcdn.com/gutsy-6162adbc/NPVVeNc6nwDvuBoS/images/GCP-artifact-registry/GCP-save-token-as-secret.png?fit=max&auto=format&n=NPVVeNc6nwDvuBoS&q=85&s=8c93f709bb6a5d0d3d135d0b8c1002b4" alt="GCP Save Token As Secret" width="1102" height="918" data-path="images/GCP-artifact-registry/GCP-save-token-as-secret.png" />
           </Frame>
  </Step>

  <Step title="Create a new repository in Artifact Registry">
    Now that the Minimus token is saved in the Google Secret Manager, you are ready to configure Minimus as a remote repository.

    1. Visit the [Google Artifact Registry landing page](https://console.cloud.google.com/artifacts)
    2. Select **+ Create repository** (top banner):

           <Frame>
             <img src="https://mintcdn.com/gutsy-6162adbc/NPVVeNc6nwDvuBoS/images/GCP-artifact-registry/create-repository.png?fit=max&auto=format&n=NPVVeNc6nwDvuBoS&q=85&s=7a0adbb365607abfd283fe6a3453c07e" alt="Create Repository" width="1670" height="761" data-path="images/GCP-artifact-registry/create-repository.png" />
           </Frame>
    3. Fill in the form:

       1. **Name** the repository, for example, `reg-mini-dev-remote`.
       2. **Format**: Select **Docker** as the format.
       3. **Mode**: Select **Remote** from the available options.
       4. **Remote repository source**: Select **Custom**.
       5. Type in `https://reg.mini.dev` as the custom repository URL.

           <Frame>
             <img src="https://mintcdn.com/gutsy-6162adbc/NPVVeNc6nwDvuBoS/images/GCP-artifact-registry/create-repository-configs.png?fit=max&auto=format&n=NPVVeNc6nwDvuBoS&q=85&s=0d1985c31d174cd9abb98f4c3e97f59c" alt="Create Repository Configs" width="1343" height="1161" data-path="images/GCP-artifact-registry/create-repository-configs.png" />
           </Frame>
  </Step>

  <Step title="Set up authentication">
    1. Still in the same form, under the section **Remote repository authentication mode**, select **Authenticated**.
    2. Fill out the form:
       1. **Username for the upstream registry**: Enter the username `minimus`
       2. **Secret**: Select the name of the secret created in the previous step. 
       3. **Location type**: Select **Region**
       4. Select the region from the list.
       5. Configure the rest of the options, including encryption, cleanup policies, artifact analysis, etc. You can keep the defaults but we recommend that you align with your organizational policies.

    <Frame>
      <img src="https://mintcdn.com/gutsy-6162adbc/NPVVeNc6nwDvuBoS/images/GCP-artifact-registry/GCP-repo-region.png?fit=max&auto=format&n=NPVVeNc6nwDvuBoS&q=85&s=0b4bf43b4bc10fd7a0bd443857f8f2c5" alt="GCP Repo Region" width="1115" height="1102" data-path="images/GCP-artifact-registry/GCP-repo-region.png" />
    </Frame>
  </Step>

  <Step title="Save to create the remote repository">
    Select **Create** at the bottom of the form. If successful, a success message will appear and you will be able to view the remote repository details.
  </Step>
</Steps>

## Pulling Minimus images into Artifact Registry

Now that you've set up the Minimus registry as a remote repository, you are ready to pull Minimus images into your Google Cloud Artifact Registry.

You can either trigger image pulls locally or via Google cloud shell with relative docker access to the Google registry. For purposes of this guide we will show how to use Google Cloud Shell from the Google Cloud Console.

1. Authenticate to Google Cloud Shell from your Google Console. You should see a welcome message such as `Welcome to Cloud Shell!...`.

   <Frame>
     <img src="https://mintcdn.com/gutsy-6162adbc/twqBHW4IhzmvRjLT/images/welcome-google-cloud-shell.png?fit=max&auto=format&n=twqBHW4IhzmvRjLT&q=85&s=df15ec634a1def93a060496920622052" alt="Welcome Google Cloud Shell" width="752" height="45" data-path="images/welcome-google-cloud-shell.png" />
   </Frame>
2. Validate that Docker access is configured locally:

   ```shellscript Command template theme={null}
   #command format
   gcloud auth configure-docker {your-region}

   #example
   gcloud auth configure-docker us-central1-docker.pkg.dev
   ```

   <Frame>
     <img src="https://mintcdn.com/gutsy-6162adbc/mmCHWTveMARaI2qt/images/image5.png?fit=max&auto=format&n=mmCHWTveMARaI2qt&q=85&s=4a75cd5ec9f0cc732ed6f404b7e8321d" alt="Image5" width="795" height="591" data-path="images/image5.png" />
   </Frame>
3. Execute a Docker or Podman pull command:

   <CodeGroup>
     ```shellscript Docker Pull Command wrap theme={null}
     #docker command format
     docker pull {your registry region}/{google-project-id}/{remote-repository-name}/{desired-minimus-image}

     #example
     docker pull us-central1-docker.pkg.dev/acme-project/reg-mini-dev-remote/python:latest
     ```

     ```shellscript Podman Pull Command theme={null}
     #podman command format
     podman pull {your registry region}/{google-project-id}/{remote-repository-name}/{desired-minimus-image}

     #example
     podman pull us-central1-docker.pkg.dev/acme-project/reg-mini-dev-remote/python:latest
     ```
   </CodeGroup>

   <Frame>
     <img src="https://mintcdn.com/gutsy-6162adbc/mmCHWTveMARaI2qt/images/image10.png?fit=max&auto=format&n=mmCHWTveMARaI2qt&q=85&s=a617d70ee9cf32f1fe369eab8c98fb41" alt="Image10" width="941" height="116" data-path="images/image10.png" />
   </Frame>
4. That's it! You have validated that you can pull Minimus images into your Google Cloud Artifact Registry.