Hi,
As per https://support.atlassian.com/bitbucket-cloud/docs/use-docker-images-as-build-environments/#Private-images-hosted-by-Google-Container-Registry--GCR- I've configured my build to use a custom image to build my application. So basically, I've included this in my build:
image:
  name: [region].gcr.io/<project>/image:latest
  username: _json_key
  password: '$GCR_JSON_KEY'
The image is pulled correctly and the build runs.
As part of that pipeline, a resulting image is pushed to the same registry as the build image was pulled from. I.e.
docker push <region>.gcr.io/[project]/application-image:$BITBUCKET_COMMIT
I would've expected that the authentication to that host is reused from pulling the image, but that's not the case. Docker indicates that the request is unauthenticated.
Is this not possible, or is this just a setting I'm missing? I can obviously work around this by redoing the auth, but that seems like a bit of duplication.
tnx
Hi Jeroen,
Thanks for sharing your setup! What you're experiencing is a common scenario. Unfortunately, Docker does not automatically reuse authentication tokens between docker pull and docker push commands in pipelines, even if they target the same registry.
So while your image pulls correctly using the credentials you provided, the push step requires its own explicit authentication. This isn’t specific to Bitbucket pipelines or GCR — it’s just how Docker’s auth works.
You’ll need to explicitly authenticate before pushing the image, for example by running:
echo "$GCR_JSON_KEY" | docker login -u _json_key --password-stdin https://[region].gcr.io
before your push command. This extra login step is necessary to ensure your push request is properly authenticated.
Hope this helps clarify things!
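Added example, not part of the original posts: a bitbucket-pipelines.yml sketch that combines the build image credentials from the question with the explicit login from the answer. REGION and PROJECT are placeholders, the `docker build` line is an assumption about how the application image is produced, and GCR_JSON_KEY is assumed to be a secured repository variable.

```yaml
# Credentials here are used only to pull the build container.
image:
  name: REGION.gcr.io/PROJECT/image:latest
  username: _json_key
  password: '$GCR_JSON_KEY'

pipelines:
  default:
    - step:
        name: Build and push application image
        services:
          - docker   # makes the docker CLI and daemon available in the step
        script:
          # Log the step's docker client in to the registry. --password-stdin
          # keeps the key out of the command line; the quotes keep the JSON intact.
          - echo "$GCR_JSON_KEY" | docker login -u _json_key --password-stdin https://REGION.gcr.io
          # Assumed build command; replace with the project's own.
          - docker build -t REGION.gcr.io/PROJECT/application-image:$BITBUCKET_COMMIT .
          - docker push REGION.gcr.io/PROJECT/application-image:$BITBUCKET_COMMIT
          # Remove the stored credential from the step's docker config when done.
          - docker logout https://REGION.gcr.io
```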