# general


02/27/2019, 5:43 PM
Has anything changed recently in terms of how
interacts with GCP container registry based on your credentials? I'm using a service account with full project permissions but am unable to push docker images:
Caller does not have permission 'storage.buckets.create'. To configure permissions, follow instructions at: <>
. In the past this just worked and I didn't have to go through any extra steps or set up to be able to push up images


02/27/2019, 6:19 PM
I'm not aware of anything changing on our side. Certainly nothing has changed in
. Are you relying on ambient credentials configured via
, or are you passing credentials through expciitly (I seem to recall the GCR only supports the former?)?


02/27/2019, 7:11 PM
Yeah thanks for the hint I figured it out. Had some stuff left over in my local .docker/config.json that was attempting to pull
into the picture
Is there a way with Pulumi to be able to access the $GOOGLE_CREDENTIALS that are being used by the program to authenticate with the Container Registry? I want to avoid having to explicitly read in the key file and pass it through with the docker image registry configuration in Pulumi since I'm already using a Service Account for deployments that has the right permissions