For GCP Artifact Registry, you can use a service account JSON key to authenticate with your private registry.

Authenticate Docker

First, authenticate Docker with your service account key: 
# Authenticate Docker with your service account key
cat key-file.json | docker login -u _json_key --password-stdin https://<location>-docker.pkg.dev

Configure Image Pull Secrets

Create image credentials in Pipecat Cloud using the same service account: 
pcc secrets image-pull-secret my-gcp-credentials https://<location>-docker.pkg.dev
When prompted, enter:
  • Username: _json_key
  • Password: The contents of your service account JSON key file

Configure Your Deployment

Create a pcc-deploy.toml file with your Artifact Registry image configuration: 
agent_name = "my-gcp-agent"
image = "<location>-docker.pkg.dev/<project-id>/<repo-name>/my-agent:0.1"
secret_set = "my-agent-secrets"
image_credentials = "my-gcp-credentials"

[scaling]
    min_instances = 0

Build and Push to Artifact Registry

Build and push your agent image using the Pipecat Cloud CLI: 
# Build and push using your pcc-deploy.toml configuration
pcc docker build-push
This command automatically builds for the correct platform (linux/arm64) and pushes to your configured Artifact Registry repository.

Deploy Your Agent

Deploy using your configured pcc-deploy.toml: 
pcc deploy

Configuration Reference

Replace the following placeholders with your actual values:
  • <location> with your Artifact Registry location (e.g., us-central1, asia-east1)
  • <project-id> with your Google Cloud project ID
  • <repo-name> with your Artifact Registry repository name
  • key-file.json with the path to your service account JSON key file
The service account used for image credentials should have the Artifact Registry Reader role or equivalent permissions to pull images from your private repository.