diff --git a/infra/gcp/bash/ensure-main-project.sh b/infra/gcp/bash/ensure-main-project.sh
index dd20ebb31c0..a1261dcf26c 100755
--- a/infra/gcp/bash/ensure-main-project.sh
+++ b/infra/gcp/bash/ensure-main-project.sh
@@ -73,6 +73,7 @@ readonly DNS_GROUP="k8s-infra-dns-admins@kubernetes.io"
 # - entry syntax is "bucket_name:owners_group" (: is invalid bucket name char)
 readonly TERRAFORM_STATE_BUCKET_ENTRIES=(
 "${LEGACY_CLUSTER_TERRAFORM_BUCKET}:${CLUSTER_ADMINS_GROUP}"
+ k8s-staging-authenticated-test-tf:"${CLUSTER_ADMINS_GROUP}"
 k8s-infra-tf-aws:k8s-infra-aws-admins@kubernetes.io
 k8s-infra-tf-fastly:k8s-infra-fastly-admins@kubernetes.io
 k8s-infra-tf-gcp:k8s-infra-gcp-org-admins@kubernetes.io
diff --git a/infra/gcp/infra.yaml b/infra/gcp/infra.yaml
index 85feec65ee5..c2c101c9994 100644
--- a/infra/gcp/infra.yaml
+++ b/infra/gcp/infra.yaml
@@ -345,3 +345,5 @@ infra:
 k8s-staging-win-op-rdnss:
 k8s-staging-gcb-untrusted:
 managed_by: infra/gcp/bash/ensure-staging-gcb-untrusted.sh
+ k8s-staging-authenticated-test:
+ managed_by: infra/gcp/terraform/k8s-staging-authenticated-test/main.tf
diff --git a/infra/gcp/terraform/k8s-staging-authenticated-test/README.md b/infra/gcp/terraform/k8s-staging-authenticated-test/README.md
new file mode 100644
index 00000000000..4c8ce172b7d
--- /dev/null
+++ b/infra/gcp/terraform/k8s-staging-authenticated-test/README.md
@@ -0,0 +1,3 @@
+# k8s-staging-authenticated-test
+
+This projects holds docker images that are used to test private image pulls.
diff --git a/infra/gcp/terraform/k8s-staging-authenticated-test/images.tf b/infra/gcp/terraform/k8s-staging-authenticated-test/images.tf
new file mode 100644
index 00000000000..f49fe51dc13
--- /dev/null
+++ b/infra/gcp/terraform/k8s-staging-authenticated-test/images.tf
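Review bot: The new state bucket `k8s-staging-authenticated-test-tf` is assigned to the broad `${CLUSTER_ADMINS_GROUP}`, while the neighbouring `k8s-infra-tf-*` entries each name a dedicated admin group. The entry syntax makes that group the bucket's owners, which presumably lets them read the Terraform state, so confirm this is the intended audience or name a narrower group. The entry is also quoted differently from the line above it; `"k8s-staging-authenticated-test-tf:${CLUSTER_ADMINS_GROUP}"` would match. The array continues past the end of the hunk.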
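Review bot: `managed_by` points at `infra/gcp/terraform/k8s-staging-authenticated-test/main.tf`, but no `main.tf` is among the files this diff shows being added to that directory (README.md, images.tf, provider.tf, terraform.tfvars, variables.tf, versions.tf). If it is not added elsewhere, the inventory entry names a path that does not exist, and the `google_project.project` resource that images.tf references has no visible declaration. Either add `main.tf` with the project resource or point `managed_by` at a file that exists.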
@@ -0,0 +1,43 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Enable services needed for the project
+resource "google_project_service" "project" {
+ project = google_project.project.id
+
+ for_each = toset([
+ "artifactregistry.googleapis.com",
+ ])
+
+ service = each.key
+}
+
+// Create the docker registry
+resource "google_artifact_registry_repository" "images" {
+ location = "us-central1"
+ project = google_project_service.project
+ repository_id = "images"
+ description = "e2e private pulls testing"
+ format = "DOCKER"
+}
+
+resource "google_artifact_registry_repository_iam_member" "member" {
+ project = google_artifact_registry_repository.images.project
+ location = google_artifact_registry_repository.images.location
+ repository = google_artifact_registry_repository.images.name
+ role = "roles/artifactregistry.reader"
+ member = "allAuthenticatedUsers"
+}
diff --git a/infra/gcp/terraform/k8s-staging-authenticated-test/provider.tf b/infra/gcp/terraform/k8s-staging-authenticated-test/provider.tf
new file mode 100644
index 00000000000..fb7dfad0dbc
--- /dev/null
+++ b/infra/gcp/terraform/k8s-staging-authenticated-test/provider.tf
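Review bot: `project = google_project_service.project` in the `google_artifact_registry_repository` block passes the whole `for_each` resource map where a project ID string is expected, so the plan should fail on a type error. Use `project = google_project.project.project_id` and, if the intent was to order the repository after the API is enabled, add `depends_on = [google_project_service.project]`. The `google_project_service` block likewise reads `google_project.project.id`, which as far as I know is the `projects/<id>` form rather than the bare project ID, so `.project_id` is probably wanted there too. Separately, the IAM member grants `roles/artifactregistry.reader` to `allAuthenticatedUsers`, so any Google-authenticated identity, not only members of this organisation, can pull from the repository. That appears intentional for the pull test, but it should be stated next to the binding, e.g. `// Readable by any authenticated Google account by design; never push non-public or secret-bearing images here.`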
@@ -0,0 +1,32 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+terraform {
+ backend "gcs" {
+ bucket = "k8s-staging-authenticated-test-tf"
+ }
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = "~> 4.38.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ version = "~> 4.38.0"
+ }
+ }
+}
diff --git a/infra/gcp/terraform/k8s-staging-authenticated-test/terraform.tfvars b/infra/gcp/terraform/k8s-staging-authenticated-test/terraform.tfvars
new file mode 100644
index 00000000000..0c136fe6792
--- /dev/null
+++ b/infra/gcp/terraform/k8s-staging-authenticated-test/terraform.tfvars
@@ -0,0 +1,17 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+project_id = "k8s-staging-authenticated-test"
diff --git a/infra/gcp/terraform/k8s-staging-authenticated-test/variables.tf b/infra/gcp/terraform/k8s-staging-authenticated-test/variables.tf
new file mode 100644
index 00000000000..43ab50fcc0d
--- /dev/null
+++ b/infra/gcp/terraform/k8s-staging-authenticated-test/variables.tf
@@ -0,0 +1,19 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+variable "project_id" {
+ type = string
+}
diff --git a/infra/gcp/terraform/k8s-staging-authenticated-test/versions.tf b/infra/gcp/terraform/k8s-staging-authenticated-test/versions.tf
new file mode 100644
index 00000000000..03a7450e90d
--- /dev/null
+++ b/infra/gcp/terraform/k8s-staging-authenticated-test/versions.tf
@@ -0,0 +1,24 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+/*
+This file defines:
+- Required Terraform version
+*/
+
+terraform {
+ required_version = "~> 1.2.0"
+}
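Review bot: `variable "project_id"` in variables.tf has no `description`, and none of the `.tf` files visible in this diff read `var.project_id`; images.tf takes the project from `google_project.project` instead. Add `description = "ID of the GCP project holding the private-pull test registry"` and confirm the variable is consumed, presumably by a project resource in a file not shown here. Otherwise the value set in terraform.tfvars has no effect.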