# GCP - Artifact Registry Enum

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

## Basic Information

Google Cloud Artifact Registry is a fully managed service that allows you to **manage, store, and secure your software artifacts**. It's essentially a repository for **storing build dependencies**, such as **Docker** images, **Maven**, npm packages, and other types of artifacts. It's **commonly used in CI/CD pipelines** for storing and versioning the artifacts produced during the software development process.

Key features of Artifact Registry include:

1. **Unified Repository**: It supports **multiple types of artifacts**, allowing you to have a single repository for Docker images, language packages (like Java’s Maven, Node.js’s npm), and other types of artifacts, enabling consistent access controls and a unified view across all your artifacts.
2. **Fully Managed**: As a managed service, it takes care of the underlying infrastructure, scaling, and security, reducing the maintenance overhead for users.
3. **Fine-grained Access Control**: It integrates with Google Cloud’s Identity and Access Management (IAM), allowing you to define who can access, upload, or download artifacts in your repositories.
4. **Geo-replication**: It supports the replication of artifacts across multiple regions, improving the speed of downloads and ensuring availability.
5. **Integration with Google Cloud Services**: It works seamlessly with **other GCP services like Cloud Build, Kubernetes Engine, and Compute Engine**, making it a convenient choice for teams already working within the Google Cloud ecosystem.
6. **Security**: Offers features like **vulnerability scanning and container analysis** to help ensure that the stored artifacts are secure and free from known security issues.

### Formats and Modes

When creating a new repository it's possible to **select a the format/type** of the repository among several like Docker, Maven, npm, Python... and the mode which usually can be one of these three:

* **Standard Repository**: Default mode for **storing your own artifacts** (like Docker images, Maven packages) directly in GCP. It's secure, scalable, and integrates well within the Google Cloud ecosystem.
* **Remote Repository** (if available): Acts as a proxy for **caching artifacts from external**, public repositories. It helps prevent issues from dependencies changing upstream and reduces latency by caching frequently accessed artifacts.
* **Virtual Repository** (if available): Provides a **unified interface to access multiple (standard or remote) repositories** through a single endpoint, simplifying client-side configuration and access management for artifacts spread across various repositories.
  * For a virtual repository you will need to **select repositories and give them a priority** (the repo with the largest priority will be used).
  * You can **mix remote and standard** repositories in a **virtual** one, if the **priority** of the **remote** is **bigger** than the standard, **packages from remote (PyPi for example) will be used**. This could lead to a **Dependency Confusion.**

Note that in the **Remote version of Docker** it's possible to give a username and token to access Docker Hub. The **token is then stored in the Secret Manager**.

### Encryption

As expected, by default a Google-managed key is used but a Customer-managed key can be indicated (CMEK).

### Cleanup Policies

* **Delete artifacts:** Artifacts will be **deleted according to cleanup policy** criteria.
* **Dry run:** (Default one) Artifacts will **not be deleted**. Cleanup policies will be evaluated, and test delete events sent to Cloud Audit Logging.

### Vulnerability Scanning

It's possible to enable the **vulnerability scanner** which will check for vulnerabilities inside **container images**.

### Enumeration

```bash
# Get repositories
gcloud artifacts repositories list
gcloud artifacts repositories describe --location <location> <repo-name>
gcloud artifacts versions list --repository=<repo-name> -location <location> --package <package-name>

# Get settings of a repository (example using python but could be other)
gcloud artifacts print-settings python --repository <repo-name> --location <location>

# Get docker images
gcloud artifacts docker images list us-central1-docker.pkg.dev/<proj-name>/<repo-name>

# Get packages (like python and others...)
gcloud artifacts packages list --repository <repo-name> --location <location>

# Get SBOMB artifacts
gcloud artifacts sbom list

# Get vulnerabilities (docker images)
gcloud artifacts vulnerabilities list us-east1-docker.pkg.dev/project123/repository123/someimage@sha256:49765698074d6d7baa82f
gcloud artifacts docker images list-vulnerabilities projects/<proj-name>/locations/<location>/scans/<scan-uuid>
```

### Privilege Escalation

{% content-ref url="../gcp-privilege-escalation/gcp-artifact-registry-privesc.md" %}
[gcp-artifact-registry-privesc.md](../gcp-privilege-escalation/gcp-artifact-registry-privesc.md)
{% endcontent-ref %}

### Unauthenticated Access

{% content-ref url="../gcp-unauthenticated-enum-and-access/gcp-artifact-registry-unauthenticated-enum.md" %}
[gcp-artifact-registry-unauthenticated-enum.md](../gcp-unauthenticated-enum-and-access/gcp-artifact-registry-unauthenticated-enum.md)
{% endcontent-ref %}

### Post-Exploitation

{% content-ref url="../gcp-post-exploitation/gcp-artifact-registry-post-exploitation.md" %}
[gcp-artifact-registry-post-exploitation.md](../gcp-post-exploitation/gcp-artifact-registry-post-exploitation.md)
{% endcontent-ref %}

### Persistence

{% content-ref url="../gcp-persistence/gcp-artifact-registry-persistence.md" %}
[gcp-artifact-registry-persistence.md](../gcp-persistence/gcp-artifact-registry-persistence.md)
{% endcontent-ref %}

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}