1podman-push(1) General Commands Manual podman-push(1)
2
6 podman-push - Push an image, manifest list or image index from local
7 storage to elsewhere
8
11 podman push [options] image [destination]
12 podman image push [options] image [destination]
15
18 Pushes an image, manifest list or image index from local storage to a
19 specified destination.
20
23 Images are pushed from those stored in local image storage.
24
27 DESTINATION is the location the container image is pushed to. It sup‐
28 ports all transports from containers-transports(5). If no transport is
29 specified, the docker (i.e., container registry) transport is used.
30 For remote clients, including Mac and Windows (excluding WSL2) ma‐
31 chines, docker is the only supported transport.
32 # Push to a container registry
35 $ podman push quay.io/podman/stable
36 # Push to a container registry via the docker transport
38 $ podman push docker://quay.io/podman/stable
39 # Push to a container registry with another tag
41 $ podman push myimage quay.io/username/myimage
42 # Push to a local directory
44 $ podman push myimage dir:/tmp/myimage
45 # Push to a tarball in the docker-archive format
47 $ podman push myimage docker-archive:/tmp/myimage
48 # Push to a local docker daemon
50 $ sudo podman push myimage docker-daemon:docker.io/library/myimage:33
51 # Push to a tarball in the OCI format
53 $ podman push myimage oci-archive:/tmp/myimage
54
58 --authfile=path
59 Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
60 ers/auth.json on Linux, and $HOME/.config/containers/auth.json on Win‐
61 dows/macOS. The file is created by podman login. If the authorization
62 state is not found there, $HOME/.docker/config.json is checked, which
63 is set using docker login.
64 Note: There is also the option to override the default path of the au‐
67 thentication file by setting the REGISTRY_AUTH_FILE environment vari‐
68 able. This can be done with export REGISTRY_AUTH_FILE=path.
69 --cert-dir=path
72 Use certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
73 istry. (Default: /etc/containers/certs.d) For details, see containers-
74 certs.d(5). (This option is not available with the remote Podman
75 client, including Mac and Windows (excluding WSL2) machines)
76 --compress
79 Compress tarball image layers when pushing to a directory using the
80 'dir' transport. (default is same compression type, compressed or un‐
81 compressed, as source)
82 Note: This flag can only be set when using the dir transport
85 --compression-format=gzip | zstd | zstd:chunked
88 Specifies the compression format to use. Supported values are: gzip,
89 zstd and zstd:chunked. The default is gzip unless overridden in the
90 containers.conf file.
91 --compression-level=level
94 Specifies the compression level to use. The value is specific to the
95 compression algorithm used, e.g. for zstd the accepted values are in
96 the range 1-20 (inclusive) with a default of 3, while for gzip it is
97 1-9 (inclusive) and has a default of 5.
98 --creds=[username[:password]]
101 The [username[:password]] to use to authenticate with the registry, if
102 required. If one or both values are not supplied, a command line
103 prompt appears and the value can be entered. The password is entered
104 without echo.
105 Note that the specified credentials are only used to authenticate
108 against target registries. They are not used for mirrors or when the
109 registry gets rewritten (see containers-registries.conf(5)); to authen‐
110 ticate against those consider using a containers-auth.json(5) file.
111 --digestfile=Digestfile
114 After copying the image, write the digest of the resulting image to the
115 file.
116 --disable-content-trust
119 This is a Docker-specific option to disable image verification to a
120 container registry and is not supported by Podman. This option is a
121 NOOP and provided solely for scripting compatibility.
122 --encrypt-layer=layer(s)
125 Layer(s) to encrypt: 0-indexed layer indices with support for negative
126 indexing (e.g. 0 is the first layer, -1 is the last layer). If not de‐
127 fined, encrypts all layers if encryption-key flag is specified.
128 --encryption-key=key
131 The [protocol:keyfile] specifies the encryption protocol, which can be
132 JWE (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material
133 required for image encryption. For instance, jwe:/path/to/key.pem or
134 pgp:admin@example.com or pkcs7:/path/to/x509-file.
135 --force-compression
138 If set, push uses the specified compression algorithm even if the des‐
139 tination contains a differently-compressed variant already. Defaults
140 to true if --compression-format is explicitly specified on the command-
141 line, false otherwise.
142 --format, -f=format
145 Manifest Type (oci, v2s2, or v2s1) to use when pushing an image.
146 --quiet, -q
149 When writing the output image, suppress progress output
150 --remove-signatures
153 Discard any pre-existing signatures in the image.
154 --sign-by=key
157 Add a “simple signing” signature at the destination using the specified
158 key. (This option is not available with the remote Podman client, in‐
159 cluding Mac and Windows (excluding WSL2) machines)
160 --sign-by-sigstore=*param-file***
163 Add a sigstore signature based on further options specified in a con‐
164 tainer's sigstore signing parameter file param-file. See containers-
165 sigstore-signing-params.yaml(5) for details about the file format.
166 --sign-by-sigstore-private-key=path
169 Add a sigstore signature at the destination using a private key at the
170 specified path. (This option is not available with the remote Podman
171 client, including Mac and Windows (excluding WSL2) machines)
172 --sign-passphrase-file=path
175 If signing the image (using either --sign-by or --sign-by-sigstore-pri‐
176 vate-key), read the passphrase to use from the specified path.
177 --tls-verify
180 Require HTTPS and verify certificates when contacting registries (de‐
181 fault: true). If explicitly set to true, TLS verification is used. If
182 set to false, TLS verification is not used. If not specified, TLS ver‐
183 ification is used unless the target registry is listed as an insecure
184 registry in containers-registries.conf(5)
185
188 This example pushes the image specified by the imageID to a local di‐
189 rectory in docker format.
190 # podman push imageID dir:/path/to/image
193 This example pushes the image specified by the imageID to a local di‐
196 rectory in oci format.
197 # podman push imageID oci-archive:/path/to/layout:image:tag
200 This example pushes the image specified by the imageID to a container
203 registry named registry.example.com
204 # podman push imageID docker://registry.example.com/repository:tag
207 This example pushes the image specified by the imageID to a container
210 registry named registry.example.com and saves the digest in the speci‐
211 fied digestfile.
212 # podman push --digestfile=/tmp/mydigest imageID docker://registry.ex‐
215 ample.com/repository:tag
216 This example pushes the image specified by the imageID and puts it into
219 the local docker container store
220 # podman push imageID docker-daemon:image:tag
223 This example pushes the alpine image to umohnani/alpine on dockerhub
226 and reads the creds from the path given to --authfile
227 # podman push --authfile temp-auths/myauths.json alpine docker://docker.io/umohnani/alpine
230 Getting image source signatures
231 Copying blob sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0
232 4.03 MB / 4.03 MB [========================================================] 1s
233 Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
234 1.41 KB / 1.41 KB [========================================================] 1s
235 Writing manifest to image destination
236 Storing signatures
237 This example pushes the rhel7 image to rhel7-dir with the "oci" mani‐
241 fest type
242 # podman push --format oci registry.access.redhat.com/rhel7 dir:rhel7-dir
245 Getting image source signatures
246 Copying blob sha256:9cadd93b16ff2a0c51ac967ea2abfadfac50cfa3af8b5bf983d89b8f8647f3e4
247 71.41 MB / 71.41 MB [======================================================] 9s
248 Copying blob sha256:4aa565ad8b7a87248163ce7dba1dd3894821aac97e846b932ff6b8ef9a8a508a
249 1.21 KB / 1.21 KB [========================================================] 0s
250 Copying config sha256:f1b09a81455c351eaa484b61aacd048ab613c08e4c5d1da80c4c46301b03cf3b
251 3.01 KB / 3.01 KB [========================================================] 0s
252 Writing manifest to image destination
253 Storing signatures
254
258 podman(1), podman-pull(1), podman-login(1), containers-certs.d(5), con‐
259 tainers-registries.conf(5), containers-transports(5)
260 podman-push(1)