This page describes how to configure authentication with an Artifact Registry Ruby gem repository.
You must authenticate to Artifact Registry when you use a third-party application to connect to a repository.
You don't need to configure authentication for Cloud Build or Google Cloud runtime environments such as Google Kubernetes Engine and Cloud Run.
Before you begin
- If the target repository doesn't exist, create a Ruby gem repository .
- Verify that Ruby is installed. For installation instructions, see the Google Cloud tutorial for setting up Ruby .
- Verify that the user account or service account you are using has the required permissions to access the repository.
-
Install the Google Cloud CLI. After installation, initialize the Google Cloud CLI by running the following command:
gcloud init
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity .
- (Optional) Configure defaults for gcloud CLI commands .
Overview
Ruby supports two methods for authenticating requests to your Artifact Registry repository:
- RubyGems CLI: Supports push and pull requests. This CLI is available with Ruby by default. When you authenticate with RubyGems, you must authenticate each time you make a push or pull request to your repository.
-
Bundler CLI: Supports pull requests. Bundler stores packages and upstreams in a gemfile, which allows users to standardize setups across multiple machines without needing to authenticate each individual pull request. However, you must still reauthenticate your credentials to Bundler occasionally.
To install the Bundler CLI, enter
gem install bundler.
Authenticate with the RubyGems CLI
The RubyGems CLI uses OAuth tokens to authenticate a request. To pass OAuth tokens to calls to your Artifact Registry repositories, you must first generate the token and then pass it with the address of your repository when you make a request. For example, the following command shows how to authenticate a push request:
export
GEM_TOKEN
=
"oauth2accesstoken:
$(
gcloud
auth
print-access-token )
"
gem
push
GEM_NAME
--source
https:// $GEM_TOKEN
@ LOCATION
-ruby.pkg.dev/ PROJECT
/ REPOSITORY
Where:
- GEM_NAME is the name of the gem for which the request is made.
- LOCATION is the regional or multi-regional location for the repository.
- PROJECT is the project ID. If this flag is omitted, the current or default project is used.
- REPOSITORY is the ID of the repository. If you configured a default Artifact Registry repository, it is used when this flag is omitted from the command.
Authenticate with Bundler
The Ruby Bundler manages application dependencies across one or more gems. To set up Bundler, do the following:
-
Add the address of your repository as a
sourcein your gemfile:# Gemfile # <...> source "https:// LOCATION -ruby.pkg.dev/ PROJECT / REPOSITORY " -
Authenticate to your repository by using
bundle config:export GEM_TOKEN = "oauth2accesstoken: $( gcloud auth print-access-token ) " export HOST = "https:// LOCATION -ruby.pkg.dev/ PROJECT / REPOSITORY " bundle config $HOST $GEM_TOKEN
Where:
- LOCATION is the regional or multi-regional location for the repository.
- PROJECT is the project ID. If this flag is omitted, the current or default project is used.
- REPOSITORY is the ID of the repository. If you configured a default Artifact Registry repository, it is used when this flag is omitted from the command.
You will need to reauthenticate to your remote repository occasionally. In this event, run the same authentication command from Step 2.
For more information about configuring Bundler, see Gemfiles in the bundler.io documentation.
