# Google Artifact Registry Integration

> Connect to your Google Artifact Registry to access private packages

## Overview

The Google Artifact Registry (GAR) integration allows Backline to access packages from your Google Artifact Registry. This is required for Backline to build and analyze projects that depend on private packages hosted in Google Artifact Registry.

## What You Can Do

With the GAR integration, Backline can:

* Resolve packages from your Google Artifact Registry
* Build and analyze projects that depend on packages in your GAR
* Provide remediation for vulnerabilities in projects using GAR as their package source

## Prerequisites

Before connecting GAR, ensure you have:

* A Google Cloud account with Artifact Registry repositories
* The Artifact Registry API enabled for your project
* Permissions to create service accounts and assign roles

## Enabling the Artifact Registry API

Enable the Artifact Registry API for the Google Cloud project you plan to integrate with Backline.

<Steps>
  <Step title="Navigate to the API Library">
    Go to the [Artifact Registry API page](https://console.cloud.google.com/apis/library/artifactregistry.googleapis.com) in the Google Cloud Console.
  </Step>

  <Step title="Select Your Project">
    Select the Google project for which you want to enable the API.
  </Step>

  <Step title="Enable the API">
    Click **Enable**.

    <Note>
      Allow a few minutes for Google to propagate the enablement before proceeding.
    </Note>
  </Step>
</Steps>

## Creating a Service Account

To enable permissions for GAR integration, you need to create a service account with the appropriate roles.

<Steps>
  <Step title="Navigate to Credentials">
    Go to the [Google Cloud Console Credentials page](https://console.cloud.google.com/apis/credentials).

    Select the Google project for which you are creating credentials if it is not already selected.
  </Step>

  <Step title="Create Service Account">
    Click the **Create Credentials** button and select **Service Account**.

    Give the new service account a unique name and ID, then click **Create and Continue**.
  </Step>

  <Step title="Assign Permissions">
    On the Service account permissions page:

    1. Click **Select a role** and choose **Artifact Registry Reader**
    2. Click **Add another role**
    3. Add a role that has the `resourcemanager.projects.list` permission, such as **Browser** or **Viewer**
    4. Click **Continue**, then **Done**

    <Tip>
      The **Browser** role provides minimal permissions while still allowing project listing. Use **Viewer** if you need broader read access.
    </Tip>
  </Step>

  <Step title="Generate JSON Key">
    1. In the [Service Accounts section](https://console.cloud.google.com/iam-admin/serviceaccounts), click on the service account you just created
    2. Go to the **Keys** tab
    3. Click **Add Key** → **Create new key**
    4. Select **JSON** as the key type
    5. Click **Create**

    The JSON key file will be downloaded automatically.

    <Warning>
      Store the JSON key securely. You'll need it when configuring the integration in Backline. This key provides access to your Artifact Registry.
    </Warning>
  </Step>
</Steps>

## Required Permissions

The service account requires the following roles:

| Role                         | Purpose                                                 |
| ---------------------------- | ------------------------------------------------------- |
| **Artifact Registry Reader** | Read access to packages and repositories                |
| **Browser** or **Viewer**    | Required for `resourcemanager.projects.list` permission |

<Tip>
  Follow the principle of least privilege by using the **Browser** role instead of **Viewer** when possible. Backline only needs to read packages, not modify them.
</Tip>
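
One way to confirm the service account holds the roles in the table and nothing more, as an added example that is not Backline's own code. It reads a project IAM policy in the shape printed by `gcloud projects get-iam-policy PROJECT_ID --format=json`; the project, account names and sample policy are constructed.

```python
import json

READER = "roles/artifactregistry.reader"  # Artifact Registry Reader
BROWSER = "roles/browser"                 # minimal role with resourcemanager.projects.list
VIEWER = "roles/viewer"                   # also has it, with broader read access

DOMAIN = "@example-project.iam.gserviceaccount.com"  # hypothetical project
# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = {"bindings": [
    {"role": READER, "members": ["serviceAccount:backline-gar" + DOMAIN]},
    {"role": VIEWER, "members": ["serviceAccount:backline-gar" + DOMAIN,
                                 "user:dev@example.com"]},
    {"role": "roles/storage.admin", "members": ["serviceAccount:backline-gar" + DOMAIN]},
    {"role": BROWSER, "members": ["serviceAccount:other-sa" + DOMAIN]},
    {"role": READER, "members": [
        "deleted:serviceAccount:old-backline" + DOMAIN + "?uid=000000000000000000000"]},
]}


def audit_service_account(policy, sa_email):
    """Compare the project-level roles bound to sa_email with the roles this page lists."""
    member = "serviceAccount:" + sa_email
    bindings = policy.get("bindings", [])
    granted = {b["role"] for b in bindings if member in b.get("members", [])}
    missing = []
    if READER not in granted:
        missing.append(READER)
    if not granted & {BROWSER, VIEWER}:
        missing.append(BROWSER)  # suggest the narrower of the two accepted roles
    return {
        "missing": missing,
        "broad": sorted(granted & {VIEWER}),
        "excess": sorted(granted - {READER, BROWSER, VIEWER}),
        # IAM rewrites members of a deleted account as deleted:...?uid=...
        "deleted": any(m.startswith("deleted:" + member + "?uid=")
                       for b in bindings for m in b.get("members", [])),
    }


if __name__ == "__main__":
    for name in ("backline-gar", "other-sa", "old-backline"):
        print(name, json.dumps(audit_service_account(SAMPLE_POLICY, name + DOMAIN)))
```

This reads the project-level policy only; roles granted on a single repository or inherited from a folder or organization are not in that output.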

## Connecting GAR

<Steps>
  <Step title="Go to Integration Hub">
    In Backline, navigate to **Integrations** from the main menu.
  </Step>

  <Step title="Select Google Artifact Registry">
    Find and click on the **Google Artifact Registry** integration card.
  </Step>

  <Step title="Upload JSON Key">
    Upload or paste the contents of the JSON key file you generated earlier.
  </Step>

  <Step title="Complete Connection">
    Click **Connect**. Backline will verify the credentials and repository access.
  </Step>
</Steps>

## After Connection

Once GAR is configured, Backline will:

1. Use the provided service account to authenticate with Google Artifact Registry
2. Access packages from your GAR repositories during dependency analysis
3. Provide remediation for projects that depend on packages in your GAR

## Managing the Integration

### Updating Configuration

To update the integration settings:

1. Open the **Integration Hub**
2. Click on the **Google Artifact Registry** integration
3. Upload a new JSON key if needed
4. Click **Save**

### Rotating Keys

To rotate the service account key:

1. Generate a new JSON key in the Google Cloud Console (following the steps above)
2. Update the key in Backline
3. Delete the old key from the Google Cloud Console

<Tip>
  Regularly rotating service account keys is a security best practice.
</Tip>
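
A check that step 3 of the rotation was actually done, as an added example that is not part of Backline or gcloud. It takes the key list in the shape printed by `gcloud iam service-accounts keys list --iam-account=SA_EMAIL --format=json` and the `private_key_id` of the key currently uploaded to Backline; the key IDs, dates and account name are constructed.

```python
from datetime import datetime, timezone

PREFIX = ("projects/example-project/serviceAccounts/"
          "backline-gar@example-project.iam.gserviceaccount.com/keys/")  # hypothetical
# Constructed sample in the shape printed by
# `gcloud iam service-accounts keys list --iam-account=SA_EMAIL --format=json`.
SAMPLE_KEYS = [
    {"name": PREFIX + "aaaa1111", "keyType": "USER_MANAGED",
     "validAfterTime": "2024-01-10T09:00:00Z"},   # old key, should be gone
    {"name": PREFIX + "bbbb2222", "keyType": "USER_MANAGED",
     "validAfterTime": "2025-03-01T09:00:00Z"},   # key now in Backline
    {"name": PREFIX + "cccc3333", "keyType": "SYSTEM_MANAGED",
     "validAfterTime": "2025-03-20T00:00:00Z"},   # Google-managed, ignored
]


def review_rotation(keys, active_key_id, now):
    """Report user-managed keys left over after rotation and the active key's age."""
    user_keys = {k["name"].rsplit("/", 1)[-1]: k
                 for k in keys if k.get("keyType") == "USER_MANAGED"}
    active = user_keys.get(active_key_id)
    age_days = None
    if active is not None:
        created = datetime.fromisoformat(active["validAfterTime"].replace("Z", "+00:00"))
        age_days = (now - created).days
    return {
        "leftover": sorted(k for k in user_keys if k != active_key_id),
        "active_found": active is not None,
        "active_age_days": age_days,
    }


if __name__ == "__main__":
    now = datetime(2025, 4, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    print(review_rotation(SAMPLE_KEYS, "bbbb2222", now))
```

A non-empty `leftover` list means an older downloaded key is still valid and can still authenticate until it is deleted.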

### Disconnecting

To remove the GAR integration:

1. Go to the **Integration Hub**
2. Click on the **Google Artifact Registry** integration
3. Select **Disconnect**
4. Confirm your choice

<Warning>
  Disconnecting will prevent Backline from accessing packages in your Google Artifact Registry. Dependency analysis and remediation for projects using private packages may be affected.
</Warning>

## Troubleshooting

### Authentication Failed

If Backline cannot authenticate with Google Cloud:

* Verify the JSON key file is valid and not corrupted
* Check that the service account hasn't been deleted
* Ensure the key hasn't been revoked in the Google Cloud Console
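
A local pre-upload check for the first bullet, as an added example rather than Backline's own validation: it confirms the file parses, carries the fields of a Google service account key, and has an intact PEM-framed `private_key`. The sample key is constructed with a placeholder body; the check is structural only and cannot tell whether the key was revoked or the account deleted.

```python
import json

REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key", "client_email")
PEM_HEAD = "-----BEGIN PRIVATE KEY-----"
PEM_TAIL = "-----END PRIVATE KEY-----"


def check_key_file(text):
    """Return a list of structural problems; an empty list means the file looks intact."""
    try:
        key = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON ({exc.msg}, line {exc.lineno})"]
    if not isinstance(key, dict):
        return ["top-level value is not a JSON object"]
    problems = [f"missing field: {name}" for name in REQUIRED_FIELDS if not key.get(name)]
    # A user credential file (for example type "authorized_user") is not a service account key.
    if key.get("type") and key["type"] != "service_account":
        problems.append(f"type is {key['type']!r}, expected 'service_account'")
    pem = str(key.get("private_key") or "").strip()
    if pem:
        if "\\n" in pem:  # escaped twice while being copied through a shell or env var
            problems.append("private_key has literal \\n text instead of line breaks")
        elif not (pem.startswith(PEM_HEAD) and pem.endswith(PEM_TAIL)):
            problems.append("private_key is not PEM framed (truncated or edited?)")
    email = str(key.get("client_email") or "")
    if email and not email.endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")
    return problems


# Constructed sample: the key body is a placeholder, not real key material.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000000000000000000000000000",
    "private_key": PEM_HEAD + "\nPLACEHOLDER\n" + PEM_TAIL + "\n",
    "client_email": "backline-gar@example-project.iam.gserviceaccount.com",
}

if __name__ == "__main__":
    good = json.dumps(SAMPLE_KEY)
    print(check_key_file(good))        # intact file
    print(check_key_file(good[:-40]))  # truncated download
```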

### Permission Denied

If Backline cannot access repositories:

* Verify the service account has the **Artifact Registry Reader** role
* Check that the **Browser** or **Viewer** role is assigned
* Ensure the Artifact Registry API is enabled for your project

### Package Resolution Issues

If specific packages cannot be resolved:

* Verify the package exists in your Google Artifact Registry
* Check that the service account has access to the correct project
* Allow a few minutes for the API enablement to propagate
