Build cleanup policies for container images and language packages.
Last verified: May 2026
Output will appear here...The GCP Artifact Registry Cleanup Policy Builder helps you create cleanup policies that automatically delete old or unused container images and other artifacts from Google Artifact Registry repositories. Without cleanup policies, repositories grow indefinitely, increasing storage costs. This tool guides you through defining rules based on tag status, age, and version count, generating the policy configuration for deployment via gcloud or Terraform.
Cleanup policies evaluate based on image age and tag status, not active deployment status. Images currently deployed in GKE or Cloud Run could be deleted if they match a cleanup rule. Use tag-based keep rules to protect images with specific tags like 'production' or 'stable' from deletion.
Artifact Registry is Google's next-generation artifact management service replacing Container Registry (GCR). Artifact Registry cleanup policies are a built-in feature with native support for keep and delete rules. GCR required custom scripts or third-party tools like gcr-cleaner for image cleanup.
Your team's Artifact Registry storage bill jumped to $400/month across 15 repositories. Audit reveals 70% of storage is untagged images from CI builds dating back 18 months. The builder helps you create a standard cleanup policy: Keep tags matching 'v\d+\.\d+\.\d+' (semver releases) indefinitely, Keep last 5 versions of any tag, Delete untagged images >14 days old. Apply via Terraform across all 15 repos. After 1 week of dry-run validation and 1 month of enforcement, storage drops to 80 GB. New monthly cost: $8.
The builder constructs Artifact Registry cleanup policy JSON with multiple rules per repo, each containing: action (DELETE or KEEP), condition (tagState: TAGGED/UNTAGGED/ANY, tagPrefixes, packageNamePrefixes, versionNamePrefixes, olderThan duration), and most-recent-versions filter. Output is gcloud artifacts repositories set-cleanup-policies commands and Terraform google_artifact_registry_repository.cleanup_policies blocks.
Always pair a Delete rule (e.g., 'delete untagged >7 days old') with a Keep rule (e.g., 'keep tag matching v.* indefinitely'). Without an explicit Keep, you risk an aggressive Delete rule misclassifying production-tagged images. Layered rules are safer than complex single-rule conditions.
Cleanup policies have dry-run mode — they report what WOULD be deleted without actually deleting. Always run dry-run for at least one full evaluation cycle (24-48 hours) before enabling real deletions. The dry-run report often surfaces forgotten images that ARE in use somewhere obscure.
Don't enable cleanup on the same Artifact Registry repo that stores your CI build cache (intermediate Docker layers). The cleanup policy will delete layers actively referenced by recent builds, causing CI failures. Use a separate repo for build cache OR exclude it from the policy.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.