1podman-push(1)              General Commands Manual             podman-push(1)
2
3
4

NAME

6       podman-push  -  Push  an image, manifest list or image index from local
7       storage to elsewhere
8
9

SYNOPSIS

11       podman push [options] image [destination]
12
13
14       podman image push [options] image [destination]
15
16

DESCRIPTION

18       Pushes an image, manifest list or image index from local storage  to  a
19       specified destination.
20
21

Image storage

23       Images are pushed from those stored in local image storage.
24
25

DESTINATION

27       DESTINATION  is  the location the container image is pushed to. It sup‐
28       ports all transports from containers-transports(5). If no transport  is
29       specified,  the  docker  (i.e.,  container registry) transport is used.
30       For remote clients, including Mac  and  Windows  (excluding  WSL2)  ma‐
31       chines, docker is the only supported transport.
32
33       # Push to a container registry
34       $ podman push quay.io/podman/stable
35
36       # Push to a container registry via the docker transport
37       $ podman push docker://quay.io/podman/stable
38
39       # Push to a container registry with another tag
40       $ podman push myimage quay.io/username/myimage
41
42       # Push to a local directory
43       $ podman push myimage dir:/tmp/myimage
44
45       # Push to a tarball in the docker-archive format
46       $ podman push myimage docker-archive:/tmp/myimage
47
48       # Push to a local docker daemon
49       $ sudo podman push myimage docker-daemon:docker.io/library/myimage:33
50
51       # Push to a tarball in the OCI format
52       $ podman push myimage oci-archive:/tmp/myimage
53
54
55

OPTIONS

57   --authfile=path
58       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
59       ers/auth.json on Linux, and $HOME/.config/containers/auth.json on  Win‐
60       dows/macOS.   The file is created by podman login. If the authorization
61       state is not found there, $HOME/.docker/config.json is  checked,  which
62       is set using docker login.
63
64
65       Note:  There is also the option to override the default path of the au‐
66       thentication file by setting the REGISTRY_AUTH_FILE  environment  vari‐
67       able. This can be done with export REGISTRY_AUTH_FILE=path.
68
69
70   --cert-dir=path
71       Use  certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
72       istry. (Default: /etc/containers/certs.d) For details, see  containers-
73       certs.d(5).   (This  option  is  not  available  with the remote Podman
74       client, including Mac and Windows (excluding WSL2) machines)
75
76
77   --compress
78       Compress tarball image layers when pushing to  a  directory  using  the
79       'dir'  transport.  (default is same compression type, compressed or un‐
80       compressed, as source)
81
82
83       Note: This flag can only be set when using the dir transport
84
85
86   --compression-format=gzip | zstd | zstd:chunked
87       Specifies the compression format to use.  Supported values  are:  gzip,
88       zstd  and  zstd:chunked.   The default is gzip unless overridden in the
89       containers.conf file.
90
91
92   --compression-level=level
93       Specifies the compression level to use.  The value is specific  to  the
94       compression  algorithm  used,  e.g. for zstd the accepted values are in
95       the range 1-20 (inclusive) with a default of 3, while for  gzip  it  is
96       1-9 (inclusive) and has a default of 5.
97
98
99   --creds=[username[:password]]
100       The  [username[:password]] to use to authenticate with the registry, if
101       required.  If one or both values  are  not  supplied,  a  command  line
102       prompt  appears  and  the value can be entered. The password is entered
103       without echo.
104
105
106       Note that the specified  credentials  are  only  used  to  authenticate
107       against  target  registries.  They are not used for mirrors or when the
108       registry gets rewritten (see containers-registries.conf(5)); to authen‐
109       ticate against those consider using a containers-auth.json(5) file.
110
111
112   --digestfile=Digestfile
113       After copying the image, write the digest of the resulting image to the
114       file.
115
116
117   --disable-content-trust
118       This is a Docker-specific option to disable  image  verification  to  a
119       container  registry  and  is  not supported by Podman. This option is a
120       NOOP and provided solely for scripting compatibility.
121
122
123   --encrypt-layer=layer(s)
124       Layer(s) to encrypt: 0-indexed layer indices with support for  negative
125       indexing  (e.g. 0 is the first layer, -1 is the last layer). If not de‐
126       fined, encrypts all layers if encryption-key flag is specified.
127
128
129   --encryption-key=key
130       The [protocol:keyfile] specifies the encryption protocol, which can  be
131       JWE  (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material
132       required for image encryption. For  instance,  jwe:/path/to/key.pem  or
133       pgp:admin@example.com or pkcs7:/path/to/x509-file.
134
135
136   --force-compression
137       If  set, push uses the specified compression algorithm even if the des‐
138       tination contains a differently-compressed variant  already.   Defaults
139       to true if --compression-format is explicitly specified on the command-
140       line, false otherwise.
141
142
143   --format, -f=format
144       Manifest Type (oci, v2s2, or v2s1) to use when pushing an image.
145
146
147   --quiet, -q
148       When writing the output image, suppress progress output
149
150
151   --remove-signatures
152       Discard any pre-existing signatures in the image.
153
154
155   --sign-by=key
156       Add a “simple signing” signature at the destination using the specified
157       key.  (This  option is not available with the remote Podman client, in‐
158       cluding Mac and Windows (excluding WSL2) machines)
159
160
161   --sign-by-sigstore=*param-file***
162       Add a sigstore signature based on further options specified in  a  con‐
163       tainer's  sigstore  signing parameter file param-file.  See containers-
164       sigstore-signing-params.yaml(5) for details about the file format.
165
166
167   --sign-by-sigstore-private-key=path
168       Add a sigstore signature at the destination using a private key at  the
169       specified  path.  (This  option is not available with the remote Podman
170       client, including Mac and Windows (excluding WSL2) machines)
171
172
173   --sign-passphrase-file=path
174       If signing the image (using either --sign-by or --sign-by-sigstore-pri‐
175       vate-key), read the passphrase to use from the specified path.
176
177
178   --tls-verify
179       Require  HTTPS  and verify certificates when contacting registries (de‐
180       fault: true).  If explicitly set to true, TLS verification is used.  If
181       set to false, TLS verification is not used.  If not specified, TLS ver‐
182       ification is used unless the target registry is listed as  an  insecure
183       registry in containers-registries.conf(5)
184
185

EXAMPLE

187       This  example  pushes the image specified by the imageID to a local di‐
188       rectory in docker format.
189
190
191       # podman push imageID dir:/path/to/image
192
193
194       This example pushes the image specified by the imageID to a  local  di‐
195       rectory in oci format.
196
197
198       # podman push imageID oci-archive:/path/to/layout:image:tag
199
200
201       This  example  pushes the image specified by the imageID to a container
202       registry named registry.example.com
203
204
205       # podman push imageID docker://registry.example.com/repository:tag
206
207
208       This example pushes the image specified by the imageID to  a  container
209       registry  named registry.example.com and saves the digest in the speci‐
210       fied digestfile.
211
212
213       # podman push --digestfile=/tmp/mydigest imageID  docker://registry.ex‐
214       ample.com/repository:tag
215
216
217       This example pushes the image specified by the imageID and puts it into
218       the local docker container store
219
220
221       # podman push imageID docker-daemon:image:tag
222
223
224       This example pushes the alpine image to  umohnani/alpine  on  dockerhub
225       and reads the creds from the path given to --authfile
226
227       # podman push --authfile temp-auths/myauths.json alpine docker://docker.io/umohnani/alpine
228       Getting image source signatures
229       Copying blob sha256:5bef08742407efd622d243692b79ba0055383bbce12900324f75e56f589aedb0
230        4.03 MB / 4.03 MB [========================================================] 1s
231       Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
232        1.41 KB / 1.41 KB [========================================================] 1s
233       Writing manifest to image destination
234       Storing signatures
235
236
237
238       This  example  pushes the rhel7 image to rhel7-dir with the "oci" mani‐
239       fest type
240
241       # podman push --format oci registry.access.redhat.com/rhel7 dir:rhel7-dir
242       Getting image source signatures
243       Copying blob sha256:9cadd93b16ff2a0c51ac967ea2abfadfac50cfa3af8b5bf983d89b8f8647f3e4
244        71.41 MB / 71.41 MB [======================================================] 9s
245       Copying blob sha256:4aa565ad8b7a87248163ce7dba1dd3894821aac97e846b932ff6b8ef9a8a508a
246        1.21 KB / 1.21 KB [========================================================] 0s
247       Copying config sha256:f1b09a81455c351eaa484b61aacd048ab613c08e4c5d1da80c4c46301b03cf3b
248        3.01 KB / 3.01 KB [========================================================] 0s
249       Writing manifest to image destination
250       Storing signatures
251
252
253

SEE ALSO

255       podman(1), podman-pull(1), podman-login(1), containers-certs.d(5), con‐
256       tainers-registries.conf(5), containers-transports(5)
257
258
259
260                                                                podman-push(1)
Impressum