# Download Java packages using direct repository access

Last updated 2025-08-29 UTC.

Enterprise [service tier](/security-command-center/docs/service-tiers)

After you [integrate Assured OSS with
Security Command Center](/security-command-center/docs/integrate-aoss-with-scc), Assured Open Source Software packages are hosted in an Artifact Registry
repository that is created in a project that you control.

This page explains how you can connect to the Artifact Registry repository for
Assured OSS to directly access and download the Java packages.

This document applies to the Assured OSS premium tier only. For
the free tier, see [Download Java packages using direct repository access for
the free tier](/assured-open-source-software/docs/download-java-packages).

Before you begin
----------------

1. [Integrate Assured OSS with
   Security Command Center](/security-command-center/docs/integrate-aoss-with-scc).

2. [Validate connectivity](/assured-open-source-software/docs/validate-connection)
   to Assured OSS for the requested service accounts.

3. Install the latest version of the [Google Cloud CLI](/sdk/docs/install).

4. If you have installed the Google Cloud CLI previously, make sure you have the
   latest version by running the command:

       gcloud components update

Set up authentication
---------------------

Artifact Registry supports the following authentication methods:

- Authentication with a credential helper
- Authentication with a password

The following sections describe how to set up these authentication methods.

### Authenticate with a credential helper

Artifact Registry provides a
[Maven wagon](https://search.maven.org/artifact/com.google.cloud.artifactregistry/artifactregistry-maven-wagon)
and a
[Gradle plugin](https://plugins.gradle.org/plugin/com.google.cloud.artifactregistry.gradle-plugin)
to use as
[credential helpers](/artifact-registry/docs/java/authentication#auth-helper).
This option provides the most flexibility.

To set up [Application Default Credentials](/docs/authentication#adc), see
[Set up authentication](/assured-open-source-software/docs/validate-connection#set_up_authentication).

#### Set up your credential helpers

If you're using a credential helper to set up authentication, make the following
changes based on the build tool.

### Maven

    <project>
      <build>
        <extensions>
          <extension>
            <groupId>com.google.cloud.artifactregistry</groupId>
            <artifactId>artifactregistry-maven-wagon</artifactId>
            <version>2.2.0</version>
          </extension>
        </extensions>
      </build>
    </project>

### Gradle

    plugins {
      id "com.google.cloud.artifactregistry.gradle-plugin" version "2.2.0"
    }

### Authenticate using password

[Authenticate using
password](/artifact-registry/docs/java/authentication#auth-password) when your
Java application requires authentication with a specified username and password.
Depending on your build tool, change settings according to the following instructions:

### Maven

Add the following authentication settings in the `settings` section of the
`~/.m2/settings.xml` file. See the [Maven Settings](https://maven.apache.org/settings.html#Servers) reference for more
information. If the `~/.m2/settings.xml` file doesn't exist, then create a new
file.

    <settings>
      <servers>
        <server>
          <id>artifact-registry</id>
          <configuration>
            <httpConfiguration>
              <get>
                <usePreemptive>true</usePreemptive>
              </get>
              <head>
                <usePreemptive>true</usePreemptive>
              </head>
              <put>
                <params>
                  <property>
                    <name>http.protocol.expect-continue</name>
                    <value>false</value>
                  </property>
                </params>
              </put>
            </httpConfiguration>
          </configuration>
          <username>_json_key_base64</username>
          <password>KEY</password>
        </server>
      </servers>
    </settings>

Replace KEY with the base64 encoding of the entire service
account JSON key file. To do this, run the following command:

    cat KEY_FILE_LOCATION | base64

Replace KEY_FILE_LOCATION with the location of the service account JSON key
file.

### Gradle

Add the following line to your `~/.gradle/gradle.properties` file so that
the key is not visible in your builds or your source control repository.

    artifactRegistryMavenSecret = KEY

Replace KEY with the private key from your service account JSON
key file. For `_json_key_base64`, `artifactRegistryMavenSecret` contains the
base64-encoded password. For example, `base64 -w 0 KEY`.

In the `build.gradle` file, specify the repository settings using the following example:

    repositories {
      maven {
        url "artifactregistry://us-maven.pkg.dev/PROJECT_ID/assuredoss-java"
        credentials {
          username = "_json_key_base64"
          password = "$artifactRegistryMavenSecret"
        }
        authentication {
          basic(BasicAuthentication)
        }
      }
    }

Replace PROJECT_ID with the ID of the project that you selected when you set up Assured Open Source Software.

Update the project configuration file to point to the repository
----------------------------------------------------------------

### Maven

Add the following settings to the appropriate section in the `pom.xml` file for
your Maven project. Don't replace the authentication settings.

    <project>
      <repositories>
        <repository>
          <id>artifact-registry</id>
          <url>artifactregistry://us-maven.pkg.dev/PROJECT_ID/assuredoss-java</url>
          <releases>
            <enabled>true</enabled>
          </releases>
          <snapshots>
            <enabled>false</enabled>
          </snapshots>
        </repository>
      </repositories>
    </project>

Replace PROJECT_ID with the ID of the project that you selected when you set up Assured Open Source Software.

See the Maven [POM reference](https://maven.apache.org/pom.html) for
details about the structure of the file.

### Gradle

Specify the following repository settings in your `build.gradle` file. Don't
replace the authentication settings.

    repositories {
      maven {
        url "artifactregistry://us-maven.pkg.dev/PROJECT_ID/assuredoss-java"
      }
    }

Replace PROJECT_ID with the ID of the project that you selected when you set up Assured Open Source Software.

Update the project configuration file to add dependencies
---------------------------------------------------------

To download an artifact as a part of your build, the artifact must be declared
as a dependency.

### Maven

Declare the packages that you want to download in the `pom.xml` file for your
Maven project.

    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-api</artifactId>
      <version>2.17.1</version>
    </dependency>

### Gradle

Declare the packages that you want to download in your `build.gradle` file.

    dependencies {
      // The "compile" configuration was removed in Gradle 7; use "implementation".
      implementation group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.1'
    }

List all Java packages available in Assured OSS
-----------------------------------------------

To use an
[API](/artifact-registry/docs/reference/rest/v1/projects.locations.repositories.mavenArtifacts/list)
to get a list of all the Java packages available in the Artifact Registry
repository, see
[List all Java packages available in Security Command Center](/assured-open-source-software/docs/validate-connection#list_all_java_packages_available_in).

What's next
-----------

- [Download Python packages using direct repository access in the premium tier](/security-command-center/docs/aoss-download-python-packages)
- [Access security metadata and verify packages in the premium tier](/security-command-center/docs/aoss-access-security-metadata)
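
For the password method under "Authenticate using password", the KEY value has to be a single line of base64, and it is a long-lived credential that any reader of the properties file can decode. The following is an added example, not part of the original page or of Google's tooling: it encodes the key without line wraps, checks that the value round-trips, and stores it in an owner-only file. The function names `encode_key`, `check_key` and `write_secret` are assumptions, and `base64 -d` is assumed to be the decode flag on your platform.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not from the page.

# Encode a key file as ONE line of base64. GNU base64 wraps output at 76
# columns by default, and a wrapped value breaks a one-line property or
# the <password> element in settings.xml.
encode_key() {
    base64 < "$1" | tr -d '\n'
}

# Refuse files that are not service account keys, then confirm that the
# encoded value ($2) decodes back to the exact bytes of the key file ($1).
check_key() {
    grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$1" || return 1
    printf '%s' "$2" | base64 -d | cmp -s - "$1"
}

# Write artifactRegistryMavenSecret into a properties file ($2) from the
# key file ($1). Unrelated lines are kept, any previous value is replaced,
# and the result is readable by its owner only (mktemp creates mode 0600).
write_secret() {
    key_file=$1
    props=$2
    enc=$(encode_key "$key_file") || return 1
    check_key "$key_file" "$enc" || return 1
    tmp=$(mktemp "${props}.XXXXXX") || return 1
    if [ -f "$props" ]; then
        grep -v '^artifactRegistryMavenSecret[[:space:]]*=' "$props" > "$tmp" || true
    fi
    printf 'artifactRegistryMavenSecret = %s\n' "$enc" >> "$tmp"
    mv "$tmp" "$props"
}
```

A typical call is `write_secret KEY_FILE_LOCATION ~/.gradle/gradle.properties`; the value printed by `encode_key` can also be used as KEY in `~/.m2/settings.xml`.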