1podman-push(1)              General Commands Manual             podman-push(1)
2
3
4

NAME

6       podman-push  -  Push  an image, manifest list or image index from local
7       storage to elsewhere
8
9

SYNOPSIS

11       podman push [options] image [destination]
12
13
14       podman image push [options] image [destination]
15
16

DESCRIPTION

18       Pushes an image, manifest list or image index from local storage  to  a
19       specified destination.
20
21

Image storage

23       Images are pushed from those stored in local image storage.
24
25

DESTINATION

27       DESTINATION  is  the location the container image is pushed to. It sup‐
28       ports all transports from containers-transports(5). If no transport  is
29       specified,  the  docker  (i.e.,  container registry) transport is used.
30       For remote clients, including Mac  and  Windows  (excluding  WSL2)  ma‐
31       chines, docker is the only supported transport.
32
33
34              # Push to a container registry
35              $ podman push quay.io/podman/stable
36
37              # Push to a container registry via the docker transport
38              $ podman push docker://quay.io/podman/stable
39
40              # Push to a container registry with another tag
41              $ podman push myimage quay.io/username/myimage
42
43              # Push to a local directory
44              $ podman push myimage dir:/tmp/myimage
45
46              # Push to a tarball in the docker-archive format
47              $ podman push myimage docker-archive:/tmp/myimage
48
49              # Push to a local docker daemon
50              $ sudo podman push myimage docker-daemon:docker.io/library/myimage:33
51
52              # Push to a tarball in the OCI format
53              $ podman push myimage oci-archive:/tmp/myimage
54
55
56

OPTIONS

58   --authfile=path
59       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
60       ers/auth.json on Linux, and $HOME/.config/containers/auth.json on  Win‐
61       dows/macOS.   The file is created by podman login. If the authorization
62       state is not found there, $HOME/.docker/config.json is  checked,  which
63       is set using docker login.
64
65
66       Note:  There is also the option to override the default path of the au‐
67       thentication file by setting the REGISTRY_AUTH_FILE  environment  vari‐
68       able. This can be done with export REGISTRY_AUTH_FILE=path.
69
70
71   --cert-dir=path
72       Use  certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
73       istry. (Default: /etc/containers/certs.d) For details, see  containers-
74       certs.d(5).   (This  option  is  not  available  with the remote Podman
75       client, including Mac and Windows (excluding WSL2) machines)
76
77
78   --compress
79       Compress tarball image layers when pushing to  a  directory  using  the
80       'dir'  transport.  (default is same compression type, compressed or un‐
81       compressed, as source)
82
83
84       Note: This flag can only be set when using the dir transport
85
86
87   --compression-format=gzip | zstd | zstd:chunked
88       Specifies the compression format to use.  Supported values  are:  gzip,
89       zstd  and  zstd:chunked.   The default is gzip unless overridden in the
90       containers.conf file.
91
92
93   --compression-level=level
94       Specifies the compression level to use.  The value is specific  to  the
95       compression  algorithm  used,  e.g. for zstd the accepted values are in
96       the range 1-20 (inclusive) with a default of 3, while for  gzip  it  is
97       1-9 (inclusive) and has a default of 5.
98
99
100   --creds=[username[:password]]
101       The  [username[:password]] to use to authenticate with the registry, if
102       required.  If one or both values  are  not  supplied,  a  command  line
103       prompt  appears  and  the value can be entered. The password is entered
104       without echo.
105
106
107       Note that the specified  credentials  are  only  used  to  authenticate
108       against  target  registries.  They are not used for mirrors or when the
109       registry gets rewritten (see containers-registries.conf(5)); to authen‐
110       ticate against those consider using a containers-auth.json(5) file.
111
112
113   --digestfile=Digestfile
114       After copying the image, write the digest of the resulting image to the
115       file.
116
117
118   --disable-content-trust
119       This is a Docker-specific option to disable  image  verification  to  a
120       container  registry  and  is  not supported by Podman. This option is a
121       NOOP and provided solely for scripting compatibility.
122
123
124   --encrypt-layer=layer(s)
125       Layer(s) to encrypt: 0-indexed layer indices with support for  negative
126       indexing  (e.g. 0 is the first layer, -1 is the last layer). If not de‐
127       fined, encrypts all layers if encryption-key flag is specified.
128
129
130   --encryption-key=key
131       The [protocol:keyfile] specifies the encryption protocol, which can  be
132       JWE  (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material
133       required for image encryption. For  instance,  jwe:/path/to/key.pem  or
134       pgp:admin@example.com or pkcs7:/path/to/x509-file.
135
136
137   --force-compression
138       If  set, push uses the specified compression algorithm even if the des‐
139       tination contains a differently-compressed variant  already.   Defaults
140       to true if --compression-format is explicitly specified on the command-
141       line, false otherwise.
142
143
144   --format, -f=format
145       Manifest Type (oci, v2s2, or v2s1) to use when pushing an image.
146
147
148   --quiet, -q
149       When writing the output image, suppress progress output
150
151
152   --remove-signatures
153       Discard any pre-existing signatures in the image.
154
155
156   --sign-by=key
157       Add a “simple signing” signature at the destination using the specified
158       key.  (This  option is not available with the remote Podman client, in‐
159       cluding Mac and Windows (excluding WSL2) machines)
160
161
162   --sign-by-sigstore=*param-file***
163       Add a sigstore signature based on further options specified in  a  con‐
164       tainer's  sigstore  signing parameter file param-file.  See containers-
165       sigstore-signing-params.yaml(5) for details about the file format.
166
167
168   --sign-by-sigstore-private-key=path
169       Add a sigstore signature at the destination using a private key at  the
170       specified  path.  (This  option is not available with the remote Podman
171       client, including Mac and Windows (excluding WSL2) machines)
172
173
174   --sign-passphrase-file=path
175       If signing the image (using either --sign-by or --sign-by-sigstore-pri‐
176       vate-key), read the passphrase to use from the specified path.
177
178
179   --tls-verify
180       Require  HTTPS  and verify certificates when contacting registries (de‐
181       fault: true).  If explicitly set to true, TLS verification is used.  If
182       set to false, TLS verification is not used.  If not specified, TLS ver‐
183       ification is used unless the target registry is listed as  an  insecure
184       registry in containers-registries.conf(5)
185
186

EXAMPLE

188       This  example  pushes the image specified by the imageID to a local di‐
189       rectory in docker format.
190
191
192       # podman push imageID dir:/path/to/image
193
194
195       This example pushes the image specified by the imageID to a  local  di‐
196       rectory in oci format.
197
198
199       # podman push imageID oci-archive:/path/to/layout:image:tag
200
201
202       This  example  pushes the image specified by the imageID to a container
203       registry named registry.example.com
204
205
206       # podman push imageID docker://registry.example.com/repository:tag
207
208
209       This example pushes the image specified by the imageID to  a  container
210       registry  named registry.example.com and saves the digest in the speci‐
211       fied digestfile.
212
213
214       # podman push --digestfile=/tmp/mydigest imageID  docker://registry.ex‐
215       ample.com/repository:tag
216
217
218       This example pushes the image specified by the imageID and puts it into
219       the local docker container store
220
221
222       # podman push imageID docker-daemon:image:tag
223
224
225       This example pushes the alpine image to  umohnani/alpine  on  dockerhub
226       and reads the creds from the path given to --authfile
227
228
229              # podman push --authfile temp-auths/myauths.json alpine docker://docker.io/umohnani/alpine
230              Getting image source signatures
231              Copying blob sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0
232               4.03 MB / 4.03 MB [========================================================] 1s
233              Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
234               1.41 KB / 1.41 KB [========================================================] 1s
235              Writing manifest to image destination
236              Storing signatures
237
238
239
240       This  example  pushes the rhel7 image to rhel7-dir with the "oci" mani‐
241       fest type
242
243
244              # podman push --format oci registry.access.redhat.com/rhel7 dir:rhel7-dir
245              Getting image source signatures
246              Copying blob sha256:9cadd93b16ff2a0c51ac967ea2abfadfac50cfa3af8b5bf983d89b8f8647f3e4
247               71.41 MB / 71.41 MB [======================================================] 9s
248              Copying blob sha256:4aa565ad8b7a87248163ce7dba1dd3894821aac97e846b932ff6b8ef9a8a508a
249               1.21 KB / 1.21 KB [========================================================] 0s
250              Copying config sha256:f1b09a81455c351eaa484b61aacd048ab613c08e4c5d1da80c4c46301b03cf3b
251               3.01 KB / 3.01 KB [========================================================] 0s
252              Writing manifest to image destination
253              Storing signatures
254
255
256

SEE ALSO

258       podman(1), podman-pull(1), podman-login(1), containers-certs.d(5), con‐
259       tainers-registries.conf(5), containers-transports(5)
260
261
262
263                                                                podman-push(1)
Impressum