Stay organized with collections Save and categorize content based on your preferences.
Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed to your Cloud Run resources. With Binary Authorization, you can require images to be signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring only verified images are integrated into the build-and-release process.
Learn how to set up Binary Authorization for Cloud Run.
Exempt Cloud Run functions images from Binary Authorization policyTo deploy functions in Cloud Run, the Binary Authorization policy administrator must configure a Binary Authorization policy using allowlist patterns to exempt all images from the specified repository and its subdirectories.
Functions using the Cloud Run Admin APIIf you are deploying your function with the gcloud run deploy... command, use this allowlist pattern:
REGION-docker.pkg.dev/PROJECT_ID/cloud-run-source-deploy/**
With the allowlist enabled, deploy your function with Binary Authorization enabled and set to default:
gcloud run deploy YOUR_FUNCTION_NAME \
...
--binary-authorization default
Functions using the Cloud Functions v2 API
If you are deploying your function with the gcloud functions deploy... command, use this allowlist pattern:
REGION-docker.pkg.dev/PROJECT_ID/gcf-artifacts/**
With the allowlist enabled, deploy your function with Binary Authorization enabled and set to default:
gcloud functions deploy YOUR_FUNCTION_NAME \
...
--binary-authorization default
What's next
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-07 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4